
Windows Analysis Report
rpDOUhuBC5.exe

Overview

General Information

Sample name: rpDOUhuBC5.exe (renamed because original name is a hash value)
Original sample name: 1f856d82c95fcef4439c2c9d442e44f4.exe
Analysis ID: 1581594
MD5: 1f856d82c95fcef4439c2c9d442e44f4
SHA1: cb7fabe82a409e77c3d0d422117de414c08ce485
SHA256: bc1a85c3048089f8730fe0c0c995fbede05597a6706be54c541add28cfe1d9af
Tags: exe user-abuse_ch

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for reading data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connections (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shut down / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • rpDOUhuBC5.exe (PID: 3976 cmdline: "C:\Users\user\Desktop\rpDOUhuBC5.exe" MD5: 1F856D82C95FCEF4439C2C9D442E44F4)
    • taskkill.exe (PID: 2220 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6036 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5368 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2096 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 1460 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7012 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 6488 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 5128 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4156 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd16ed0-4054-4436-b362-dc6f5d23b61d} 5128 "\\.\pipe\gecko-crash-server-pipe.5128" 20a5db6e510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7888 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 3872 -prefMapHandle 3944 -prefsLen 26322 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb856fbc-54fb-4491-a5b4-616ae0b029ea} 5128 "\\.\pipe\gecko-crash-server-pipe.5128" 20a7168cb10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2732 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4996 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4992 -prefMapHandle 4968 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4751dff7-103a-4a3a-83fa-63f5327aa984} 5128 "\\.\pipe\gecko-crash-server-pipe.5128" 20a777a9710 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: rpDOUhuBC5.exe PID: 3976 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: rpDOUhuBC5.exe | Avira: detected
    Source: rpDOUhuBC5.exe | ReversingLabs: Detection: 42%
    Source: rpDOUhuBC5.exe | Virustotal: Detection: 27%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 97.4% probability
    Source: rpDOUhuBC5.exe | Joe Sandbox ML: detected
    Source: rpDOUhuBC5.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49751 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:49753 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49788 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49812 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49811 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49831 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.6:49837 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49841 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49842 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49844 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49845 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49843 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49914 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49919 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49917 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49915 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49916 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49918 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49925 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49924 version: TLS 1.2
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.18.dr
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000012.00000003.2494493527.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000012.00000003.2495296928.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000012.00000003.2494493527.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 00000012.00000003.2491214347.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.18.dr
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000012.00000003.2495296928.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000012.00000003.2491214347.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,1_2_0080DBBE
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007DC2A2 FindFirstFileExW,1_2_007DC2A2
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_008168EE FindFirstFileW,FindClose,1_2_008168EE
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0081698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,1_2_0081698F
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_0080D076
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_0080D3A9
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00819642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00819642
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0081979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_0081979D
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00819B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,1_2_00819B2B
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00815C97 FindFirstFileW,FindNextFileW,FindClose,1_2_00815C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 219MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 151.101.129.91
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | IP Address: 34.160.144.191
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 50 times)
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0081CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,1_2_0081CE44
    Source: global traffic | HTTP traffic detected (this request is reported 14 times):
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected (this request is reported 14 times):
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 00000012.00000003.2486953190.0000020A6E43C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2448880112.0000020A6EEE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000003.2301043912.0000020A79410000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000003.2459308038.0000020A70E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78CB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2324751198.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2440401313.0000020A78E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/8 equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2440401313.0000020A78E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000003.2466477456.0000020A78ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2431507460.0000020A78ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2452968433.0000020A78ECC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78CB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2324751198.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2440401313.0000020A78E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2440401313.0000020A78E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D60A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D60A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D60A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB880C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB880C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB880C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000003.2459308038.0000020A70E89000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000003.2466477456.0000020A78ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2467427061.0000020A78C43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2309010335.0000020A78D3F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000003.2467427061.0000020A78C43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2431741812.0000020A78C43000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000003.2471334735.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2481280309.0000020A77653000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000003.2466477456.0000020A78ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2431507460.0000020A78ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2452968433.0000020A78ECC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
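Almost every DNS name above is Firefox's own startup traffic (captive-portal probe, remote settings, telemetry, add-on and update metadata) or the browser's default new-tab sites, so the domain count on its own says little about the sample; what a reviewer actually wants from this table is the handful of indicators that are not browser background noise, such as the Google sign-in URL that appears further down in a firefox.exe dump. The script below is an added triage example, not part of the Joe Sandbox report: it parses rows in this table's layout (the extraction fused the "Source" cell onto the indicator cell; the parser accepts both that form and a separated one), splits the source list into (process, dump) pairs, buckets each indicator against an allowlist of Mozilla background domains, and flags sign-in-looking URLs. The allowlist, the credential path hints, and the reading of the .sdmp filename fields (first field as process index, fourth as base address) are assumptions, and the sample rows are copied from this table.

```python
"""Triage Joe Sandbox 'String found in binary or memory' / 'DNS query' rows.
Added example; allowlist, path hints and .sdmp field meaning are assumptions."""
import re
from collections import defaultdict

# Hosts Firefox contacts by itself at startup (assumed list; extend as needed).
BROWSER_BACKGROUND_SUFFIXES = (
    ".mozilla.com", ".mozilla.org", ".mozilla.net", ".mozgcp.net",
    ".firefox.com", ".getpocket.com", ".example.org", ".ipv4only.arpa",
)
# Path fragments that usually belong to a sign-in page (assumed list).
CREDENTIAL_PATH_HINTS = ("/signin", "/login", "challenge/pwd", "/authenticate")

# One report row; the source cell may be fused onto the indicator cell or
# separated by " | ". Both forms are accepted.
ROW_RE = re.compile(
    r"^\s*Source:\s*(?P<src>.*?)\s*\|?\s*"
    r"(?P<kind>String found in binary or memory|DNS traffic detected: DNS query):\s*"
    r"(?P<val>.*?)\s*$"
)
EQUALS_NOTE_RE = re.compile(r"\s+equals\s+\S+\s+\([^)]*\)$")


def split_sources(src):
    """'proc.exe, dump.sdmp, proc.exe, dump.sdmp' -> [(process, artifact), ...].
    Dropped files (*.dr) and 'global traffic' carry no process and get None."""
    pairs, proc = [], None
    for item in (s.strip() for s in src.split(",")):
        if not item:
            continue
        if item.lower().endswith(".sdmp"):
            pairs.append((proc, item))
        elif item.lower().endswith((".exe", ".dll")):
            proc = item
        else:
            pairs.append((None, item))
    return pairs


def parse_row(line):
    """Return {'kind': 'dns'|'string', 'sources': [...], 'value': str} or None."""
    m = ROW_RE.match(line)
    if not m:
        return None
    kind = "dns" if m.group("kind").startswith("DNS") else "string"
    value = EQUALS_NOTE_RE.sub("", m.group("val"))  # drop 'equals X (Brand)' note
    return {"kind": kind, "sources": split_sources(m.group("src")), "value": value}


def dump_fields(dump_name):
    """Split a *.sdmp name into its eight dot-separated fields. Assumed from the
    filename shape: field 0 is the per-analysis process index, field 3 the base."""
    parts = dump_name[: -len(".sdmp")].split(".")
    if len(parts) != 8:
        return None
    return {"process_index": parts[0], "base_address": parts[3], "raw": parts}


def host_of(value):
    """Best-effort host from a URL, a bare host, or a 'host/path' string."""
    m = re.search(r"://([^/:]+)", value)
    return m.group(1).lower() if m else value.split("/")[0].lower()


def classify(value):
    if any(h in value.lower() for h in CREDENTIAL_PATH_HINTS):
        return "credential_prompt"
    host = host_of(value)
    if any(host == s[1:] or host.endswith(s) for s in BROWSER_BACKGROUND_SUFFIXES):
        return "browser_background"
    return "review"


def triage(lines):
    """Bucket indicators into credential_prompt / browser_background / review."""
    buckets = defaultdict(set)
    for line in lines:
        row = parse_row(line)
        if row is not None:
            buckets[classify(row["value"])].add(row["value"])
    return {k: sorted(v) for k, v in buckets.items()}


def strings_by_process(lines):
    """Group 'String found' values by the process (name:index) whose dump held them."""
    out = defaultdict(set)
    for line in lines:
        row = parse_row(line)
        if row is None or row["kind"] != "string":
            continue
        for proc, artifact in row["sources"]:
            fields = dump_fields(artifact) if artifact.lower().endswith(".sdmp") else None
            key = f"{proc}:{fields['process_index']}" if fields else artifact
            out[key].add(row["value"])
    return {k: sorted(v) for k, v in out.items()}


# Rows copied from this report's table (fused and separated forms) for an offline run.
SAMPLE_ROWS = [
    "Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com",
    "Source: global traffic | DNS traffic detected: DNS query: www.facebook.com",
    "Source: firefox.exe, 00000012.00000003.2320215441.0000020A71AF2000.00000004.00000800.00020000.00000000.sdmp"
    "String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd",
    "Source: gmpopenh264.dll.tmp.18.drString found in binary or memory: http://ocsp.thawte.com0",
    "Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D60A000.00000004.00000800.00020000.00000000.sdmp, "
    "firefox.exe, 0000001C.00000002.4048723645.0000022CB880C000.00000004.00000800.00020000.00000000.sdmp"
    "String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/ equals www.facebook.com (Facebook)",
]

if __name__ == "__main__":
    for bucket, values in sorted(triage(SAMPLE_ROWS).items()):
        print(bucket)
        for v in values:
            print("   ", v)
```

Feed the whole table to `triage()` and the "review" bucket is the list worth reading by hand; `strings_by_process()` separates what the first firefox.exe instance (index 00000012, runtime dumps) held from what the later instances held in their final dumps, which is the distinction the raw rows bury in the source cell.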
    Source: firefox.exe, 00000012.00000003.2440947491.0000020A777A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2470570743.0000020A777A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2453912639.0000020A777A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2477352482.0000020A71ACE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2313220191.0000020A777A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 00000012.00000003.2445514137.0000020A6D758000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: firefox.exe, 00000012.00000003.2449313983.0000020A6D758000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 00000012.00000003.2445514137.0000020A6D758000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 00000012.00000003.2449313983.0000020A6D758000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 00000012.00000003.2449313983.0000020A6D758000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 00000012.00000003.2451484824.0000020A79494000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2458680531.0000020A7164A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2430647745.0000020A79491000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2466612893.0000020A78EBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2335284460.0000020A78E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2452968433.0000020A78EBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2431588951.0000020A78EBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2457706532.0000020A75EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2451528736.0000020A79491000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 00000012.00000003.2473325527.0000020A7639A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 00000012.00000003.2335284460.0000020A78ECD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 00000012.00000003.2461131122.0000020A7046F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2431077476.0000020A7940F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-04/schema#
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-06/schema#
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-07/schema#-
    Source: firefox.exe, 00000012.00000003.2404612600.0000020A766C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2311178376.0000020A766C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org
    Source: firefox.exe, 00000012.00000003.2304384500.0000020A719EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2459127630.0000020A70E95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2428470851.0000020A6DFA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2406258379.0000020A6E4B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2403552922.0000020A78DA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2410306016.0000020A6E4B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2340272776.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2324526502.0000020A6EDE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2346346483.0000020A71895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2395114152.0000020A71589000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2342261218.0000020A6EDE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2338321683.0000020A71895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478016249.0000020A704B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2335879130.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2411078653.0000020A78D8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2303259858.0000020A79432000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2346346483.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2447111884.0000020A6EECE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2303978709.0000020A78EA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2337257621.0000020A71895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2415991762.0000020A6EDE7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 00000012.00000003.2445514137.0000020A6D758000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://ocsp.digicert.com0C
    Source: firefox.exe, 00000012.00000003.2449313983.0000020A6D758000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://ocsp.digicert.com0N
    Source: gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0.
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 00000012.00000003.2449313983.0000020A6D758000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/CPS0
    Source: gmpopenh264.dll.tmp.18.dr | String found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 00000012.00000003.2484124580.0000020A71330000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 00000012.00000003.2440947491.0000020A777BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2463274551.0000020A6FBF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2470279601.0000020A777BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2463069231.0000020A70147000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2313220191.0000020A777BC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: mozilla-temp-41.18.dr | String found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2459445118.0000020A70E68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2477919664.0000020A70E69000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2459445118.0000020A70E68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2477919664.0000020A70E69000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://youtube.com/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 00000012.00000003.2314496747.0000020A7674B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 00000012.00000003.2262317122.0000020A6DB53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261887126.0000020A6DB10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261310402.0000020A6D900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2262142978.0000020A6DB32000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 00000012.00000003.2459867068.0000020A70E1A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456198908.0000020A776C4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 00000012.00000003.2475514197.0000020A75E96000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 0000001C.00000002.4047013315.0000022CB845A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.googl
    Source: firefox.exe, 00000012.00000003.2320215441.0000020A71AF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2395750551.0000020A6F297000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2396220636.0000020A6F22B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2337160620.0000020A6F211000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2414845505.0000020A6F297000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2333322081.0000020A6F29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2334808878.0000020A6F211000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2334060201.0000020A6F228000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000012.00000003.2298010283.0000020A766B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2323849945.0000020A6E51F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-users/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 00000012.00000003.2471334735.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2481280309.0000020A77653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 00000012.00000003.2471334735.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2481280309.0000020A77653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 00000012.00000003.2471334735.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2481280309.0000020A77653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 00000012.00000003.2471334735.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2481280309.0000020A77653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 00000012.00000003.2471334735.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2481280309.0000020A77653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 00000012.00000003.2323849945.0000020A6E51F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4040738/cookie_autodelete-3.8.2.xpi
    Source: firefox.exe, 00000012.00000003.2298010283.0000020A766B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4128570/languagetool-7.1.13.xpi
    Source: firefox.exe, 00000012.00000003.2298010283.0000020A766B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2323849945.0000020A6E51F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-2023.6.23.xpi
    Source: firefox.exe, 00000012.00000003.2298010283.0000020A766B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4134489/enhancer_for_youtube-2.0.119.1.xpi
    Source: firefox.exe, 00000012.00000003.2323849945.0000020A6E51F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4141092/facebook_container-2.3.11.xpi
    Source: firefox.exe, 00000012.00000003.2298010283.0000020A766B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2323849945.0000020A6E51F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/506/506646-64.png?modified=mcrushed
    Source: firefox.exe, 00000012.00000003.2298010283.0000020A766B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79f
    Source: firefox.exe, 00000012.00000003.2298010283.0000020A766B3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/708/708770-64.png?modified=4f881970
    Source: firefox.exe, 00000012.00000003.2323849945.0000020A6E51F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed
    Source: firefox.exe, 00000012.00000003.2323849945.0000020A6E51F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/954/954390-64.png?modified=97d4c956
    Source: firefox.exe, 00000012.00000003.2440401313.0000020A78E52000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 00000012.00000003.2468356195.0000020A77FA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2432875556.0000020A77FA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2301043912.0000020A79410000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://amazon.com/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 00000012.00000003.2458176445.0000020A716C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2482241628.0000020A761C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
    Source: firefox.exe, 00000012.00000003.2478879853.0000020A7028A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2440947491.0000020A777A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2470570743.0000020A777A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2453912639.0000020A777A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7760B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2477352482.0000020A71ACE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000014.00000002.4049477961.0000020660FCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4048115489.0000016F1D6EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4052014983.0000022CB8A05000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.18.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
    Source: firefox.exe, 00000014.00000002.4049477961.0000020660FCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4048115489.0000016F1D6EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4052014983.0000022CB8A05000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.18.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
    Source: firefox.exe, 00000012.00000003.2452249604.0000020A79F80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 00000012.00000003.2385394411.0000020A6F372000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
    Source: firefox.exe, 00000012.00000003.2382058159.0000020A6F371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2385394411.0000020A6F37B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 00000012.00000003.2382058159.0000020A6F37B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2385394411.0000020A6F37B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 00000012.00000003.2385394411.0000020A6F372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F345000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2386360448.0000020A6F32B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F371000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 00000012.00000003.2385394411.0000020A6F372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F345000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 00000012.00000003.2382058159.0000020A6F371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2385394411.0000020A6F37B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 00000012.00000003.2476398183.0000020A75E67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 00000012.00000003.2476398183.0000020A75E67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 00000012.00000003.2476398183.0000020A75E67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 00000012.00000003.2476398183.0000020A75E67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 00000012.00000003.2382058159.0000020A6F345000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2384692597.0000020A6F37E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F37B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2385394411.0000020A6F37B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 00000012.00000003.2312439364.0000020A78EE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 00000012.00000003.2382058159.0000020A6F371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2385394411.0000020A6F37B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 00000012.00000003.2385394411.0000020A6F372000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
    Source: firefox.exe, 00000012.00000003.2385394411.0000020A6F372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F345000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2386360448.0000020A6F32B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F371000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 00000012.00000003.2385394411.0000020A6F372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F345000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 00000012.00000003.2262317122.0000020A6DB53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261887126.0000020A6DB10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261310402.0000020A6D900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2262142978.0000020A6DB32000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 00000012.00000003.2462583631.0000020A701D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://content-signature-2.cdn.mozilla.net
    Source: firefox.exe, 00000012.00000003.2471938937.0000020A767A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000014.00000002.4049477961.0000020660FCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4048115489.0000016F1D6EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4052014983.0000022CB8A05000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.18.dr | String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
    Source: firefox.exe, 00000014.00000002.4049477961.0000020660FCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4048115489.0000016F1D6EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4052014983.0000022CB8A05000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.18.dr | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 00000012.00000003.2457612775.0000020A75EE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 00000012.00000003.2456625515.0000020A76131000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 00000012.00000003.2457568097.0000020A75EF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
    Source: firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 00000012.00000003.2411078653.0000020A78D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2303623244.0000020A78ED3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 00000012.00000003.2487151709.0000020A6DCCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2262317122.0000020A6DB53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261887126.0000020A6DB10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261310402.0000020A6D900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2321632502.0000020A6E4FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2262142978.0000020A6DB32000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2391764150.0000020A6DCB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2406163495.0000020A6E4FD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 00000012.00000003.2335284460.0000020A78EE3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
    Source: firefox.exe, 0000001C.00000002.4048723645.0000022CB8813000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 00000012.00000003.2296314749.0000020A7661C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 00000012.00000003.2296314749.0000020A7661C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000012.00000003.2296314749.0000020A7661C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000001C.00000002.4048723645.0000022CB8813000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D6C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB88C3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D6C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB88C3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000012.00000003.2458176445.0000020A716C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4048115489.0000016F1D62F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB8830000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D6C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB88C3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 00000012.00000003.2458176445.0000020A716C5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 00000012.00000003.2457753374.0000020A75EB6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D6C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB88C3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 00000012.00000003.2458176445.0000020A716C5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 00000012.00000003.2458176445.0000020A716C5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 00000012.00000003.2458176445.0000020A716C5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EFED000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/cfworker
    Source: firefox.exe, 00000012.00000003.2340272776.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2335879130.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2346346483.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2396603997.0000020A718B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2394112497.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 00000012.00000003.2340272776.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2335879130.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2346346483.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2396603997.0000020A718B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2394112497.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 00000012.00000003.2261887126.0000020A6DB10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261310402.0000020A6D900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2262142978.0000020A6DB32000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 00000012.00000003.2438598288.0000020A7A367000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 00000012.00000003.2476398183.0000020A75E67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
    Source: firefox.exe, 00000012.00000003.2476398183.0000020A75E67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google.com/
    Source: firefox.exe, 00000012.00000003.2476398183.0000020A75E67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://gpuweb.github.io/gpuweb/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
    Source: firefox.exe, 00000012.00000003.2386932673.0000020A6F33A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2332237691.0000020A6F260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2341976181.0000020A6F228000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2339782085.0000020A6F228000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2328710533.0000020A6F260000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2411688562.0000020A6F33E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2347914301.0000020A6F265000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2334060201.0000020A6F228000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456297642.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 00000012.00000003.2452921671.0000020A79454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2430948155.0000020A79451000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/apps/relay
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456297642.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456297642.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456297642.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456297642.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: firefox.exe, 00000012.00000003.2457706532.0000020A75EC9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.18.dr | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 0000001C.00000002.4048723645.0000022CB88F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 00000012.00000003.2451027878.0000020A79F5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2434685347.0000020A771CD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/54b02805-0921-411e-96ec-3001f
    Source: firefox.exe, 00000012.00000003.2458176445.0000020A716C5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2474238914.0000020A762A3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF3F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
    Source: firefox.exe, 00000012.00000003.2459867068.0000020A70E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
    Source: firefox.exe, 00000012.00000003.2459867068.0000020A70E21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D686000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB888E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 00000012.00000003.2465506458.0000020A79489000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2503569517.0000020A79489000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2430818120.0000020A79489000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2440028625.0000020A79489000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
    Source: firefox.exe, 00000012.00000003.2471938937.0000020A767A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 00000012.00000003.2477352482.0000020A71ACE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 00000012.00000003.2453912639.0000020A7772E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 00000012.00000003.2477352482.0000020A71ACE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 00000012.00000003.2477352482.0000020A71ACE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2482830699.0000020A71994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 00000012.00000003.2262142978.0000020A6DB32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 00000012.00000003.2411078653.0000020A78D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2303623244.0000020A78ED3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 00000012.00000003.2313220191.0000020A777A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 00000012.00000003.2313220191.0000020A777A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 00000012.00000003.2467427061.0000020A78C13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2431741812.0000020A78C76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 00000012.00000003.2325934868.0000020A6E3F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
    Source: firefox.exe, 00000012.00000003.2325934868.0000020A6E3F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A761B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
    Source: firefox.exe, 00000012.00000003.2464246221.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2458176445.0000020A716C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4048115489.0000016F1D612000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB8813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000001C.00000002.4048723645.0000022CB8813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/Error:
    Source: firefox.exe, 00000012.00000003.2464246221.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2471938937.0000020A767B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2458176445.0000020A716C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2482830699.0000020A7197B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4048115489.0000016F1D6C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB88F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 00000012.00000003.2468356195.0000020A77FA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2432875556.0000020A77FA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2301043912.0000020A79410000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
    Source: firefox.exe, 00000012.00000003.2468356195.0000020A77FA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2432875556.0000020A77FA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2301043912.0000020A79410000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: places.sqlite-wal.18.drString found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-user-removal
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 00000012.00000003.2296314749.0000020A7661C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
    Source: firefox.exe, 00000012.00000003.2296314749.0000020A7661C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 00000012.00000003.2479606617.0000020A70273000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 00000012.00000003.2451618198.0000020A771E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2434685347.0000020A771E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 00000012.00000003.2451618198.0000020A771E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441937175.0000020A771E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2434685347.0000020A771E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2471444188.0000020A771E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2453912639.0000020A77746000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2431741812.0000020A78C59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2466833943.0000020A78C6C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.18.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 00000012.00000003.2391238279.0000020A7039C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2395580331.0000020A7039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 00000012.00000003.2458876684.0000020A70EDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2477675234.0000020A70EDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2466833943.0000020A78C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
    Source: places.sqlite-wal.18.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 00000012.00000003.2466612893.0000020A78EBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2335284460.0000020A78E73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2452968433.0000020A78EBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2431588951.0000020A78EBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000014.00000002.4049477961.0000020660FCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4048115489.0000016F1D6EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4052014983.0000022CB8A05000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.18.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2466656839.0000020A78CF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: gmpopenh264.dll.tmp.18.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 00000012.00000003.2482241628.0000020A761C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2293255784.0000020A7605C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2293655559.0000020A7606F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 00000012.00000003.2262317122.0000020A6DB53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261887126.0000020A6DB10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261310402.0000020A6D900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2262142978.0000020A6DB32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 00000012.00000003.2319597913.0000020A762F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78CF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2466656839.0000020A78CF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
    Source: firefox.exe, 00000012.00000003.2314496747.0000020A767B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2471938937.0000020A767DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2482598731.0000020A719B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2457847153.0000020A719B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2304384500.0000020A719B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2314496747.0000020A76798000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2471938937.0000020A767B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2314496747.0000020A767DE000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.18.drString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 00000012.00000003.2473379371.0000020A76354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2466833943.0000020A78C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
    Source: places.sqlite-wal.18.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
    Source: firefox.exe, 00000012.00000003.2296314749.0000020A7661C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 00000012.00000003.2471334735.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2466833943.0000020A78C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
    Source: places.sqlite-wal.18.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
    Source: firefox.exe, 00000012.00000003.2451618198.0000020A771E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2434685347.0000020A771E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000012.00000003.2451618198.0000020A771E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2434685347.0000020A771E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2431741812.0000020A78C59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2466833943.0000020A78C6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2453912639.0000020A7772E000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.18.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 00000012.00000003.2298010283.0000020A766B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2471334735.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2323849945.0000020A6E51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2481280309.0000020A77653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D6C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB88F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000001C.00000002.4048723645.0000022CB88F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/3
    Source: firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000012.00000003.2461131122.0000020A70458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 00000012.00000003.2431741812.0000020A78C76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 00000012.00000003.2466477456.0000020A78ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2431507460.0000020A78ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2452968433.0000020A78ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2335284460.0000020A78ECD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
    Source: firefox.exe, 00000014.00000002.4049477961.0000020660FCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4048115489.0000016F1D6EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4052014983.0000022CB8A05000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.18.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
    Source: firefox.exe, 00000012.00000003.2486824736.0000020A6E566000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2448880112.0000020A6EEE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 00000012.00000003.2304676909.0000020A71969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2483271323.0000020A71969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 00000016.00000002.4048115489.0000016F1D60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB880C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
    Source: firefox.exe, 00000012.00000003.2466656839.0000020A78CF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 00000012.00000003.2461131122.0000020A7041B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.18.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000016.00000002.4052048844.0000016F1D7D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://ac
    Source: firefox.exe, 0000001C.00000002.4048392432.0000022CB87D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://acY
    Source: firefox.exe, 0000001C.00000002.4047013315.0000022CB845A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.googlG
    Source: firefox.exe, 00000012.00000003.2474299541.0000020A7629C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2387791521.0000020A6ED63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2387791521.0000020A6ED6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2414845505.0000020A6F297000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2333322081.0000020A6F29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4047689413.0000020660C2A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4048389032.0000020660DA4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4047626102.0000016F1D3DA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4052048844.0000016F1D7D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4047013315.0000022CB845A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048392432.0000022CB87D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000010.00000002.2241581240.00000141FEFBA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2250342316.000001BD5110A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 0000001C.00000002.4047013315.0000022CB845A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdA
    Source: firefox.exe, 00000014.00000002.4047689413.0000020660C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdM
    Source: firefox.exe, 00000014.00000002.4047689413.0000020660C20000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4048389032.0000020660DA4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4047626102.0000016F1D3D0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4052048844.0000016F1D7D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4047013315.0000022CB8450000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048392432.0000022CB87D4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 0000001C.00000002.4047013315.0000022CB8450000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdU
    Source: firefox.exe, 00000014.00000002.4047689413.0000020660C2A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdY
    Source: rpDOUhuBC5.exe, 00000001.00000003.2281362426.000000000175A000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2280272665.000000000175A000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2285558409.000000000175A000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000002.2292263172.000000000175A000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2280759692.000000000175A000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2277070970.0000000001757000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2286769435.000000000175A000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2279868551.000000000175A000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2277333970.0000000001757000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdb
    Source: firefox.exe, 00000016.00000002.4047626102.0000016F1D3DA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdf
    Source: firefox.exe, 00000016.00000002.4047626102.0000016F1D3D0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdr
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0081EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0081ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00839576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

    System Summary

    barindex
    Source: rpDOUhuBC5.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: rpDOUhuBC5.exe, 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: rpDOUhuBC5.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 22_2_0000016F1D712937 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 22_2_0000016F1D7957B2 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080D5EB: CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00801201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007A8060
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00812046
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00808298
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007DE4FF
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007D676B
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00834873
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007ACAF0
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007CCAA0
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007BCC39
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007D6DD9
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007BB119
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007A91C0
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007C1394
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007C781B
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007B997D
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007A7920
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007C7A4A
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007C7CA7
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007D9EEE
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0082BE44
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 22_2_0000016F1D712937
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 22_2_0000016F1D7957B2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 22_2_0000016F1D795EDC
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 22_2_0000016F1D7957F2
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: String function: 007BF9F2 appears 40 times
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: String function: 007C0A30 appears 46 times
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: String function: 007A9CB3 appears 31 times
    Source: rpDOUhuBC5.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal80.troj.evad.winEXE@34/38@71/12
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_008137B5 GetLastError,FormatMessageW
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_008010BF AdjustTokenPrivileges,CloseHandle
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_008016C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_008151CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0081648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007A42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4364:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1088:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2052:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3728:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: rpDOUhuBC5.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456198908.0000020A776C4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456198908.0000020A776C4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456198908.0000020A776C4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456198908.0000020A776C4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456198908.0000020A776C4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456198908.0000020A776C4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456198908.0000020A776C4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456198908.0000020A776C4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456198908.0000020A776C4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: rpDOUhuBC5.exe | ReversingLabs: Detection: 42%
    Source: rpDOUhuBC5.exe | Virustotal: Detection: 27%
    Source: unknown | Process created: C:\Users\user\Desktop\rpDOUhuBC5.exe "C:\Users\user\Desktop\rpDOUhuBC5.exe"
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd16ed0-4054-4436-b362-dc6f5d23b61d} 5128 "\\.\pipe\gecko-crash-server-pipe.5128" 20a5db6e510 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 3872 -prefMapHandle 3944 -prefsLen 26322 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb856fbc-54fb-4491-a5b4-616ae0b029ea} 5128 "\\.\pipe\gecko-crash-server-pipe.5128" 20a7168cb10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4996 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4992 -prefMapHandle 4968 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4751dff7-103a-4a3a-83fa-63f5327aa984} 5128 "\\.\pipe\gecko-crash-server-pipe.5128" 20a777a9710 utility
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: rpDOUhuBC5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: rpDOUhuBC5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: rpDOUhuBC5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: rpDOUhuBC5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: rpDOUhuBC5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: rpDOUhuBC5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: rpDOUhuBC5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.18.dr
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000012.00000003.2494493527.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000012.00000003.2495296928.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000012.00000003.2494493527.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 00000012.00000003.2491214347.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.18.dr
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000012.00000003.2495296928.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000012.00000003.2491214347.0000020A6D7B2000.00000004.00000020.00020000.00000000.sdmp
    Source: rpDOUhuBC5.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: rpDOUhuBC5.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: rpDOUhuBC5.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: rpDOUhuBC5.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: rpDOUhuBC5.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007A42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: gmpopenh264.dll.tmp.18.dr | Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007C0A76 push ecx; ret
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007BF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00831C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 22_2_0000016F1D712937 rdtsc
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | API coverage: 3.8 %
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007DC2A2 FindFirstFileExW
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_008168EE FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0081698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00819642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0081979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00819B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00815C97 FindFirstFileW,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007A42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: firefox.exe, 00000016.00000002.4052306636.0000016F1DB70000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllU
    Source: firefox.exe, 0000001C.00000002.4051845138.0000022CB8900000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWD^
    Source: firefox.exe, 00000014.00000002.4053008117.0000020661200000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
    Source: rpDOUhuBC5.exe, 00000001.00000003.2182842935.00000000016BC000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2186063791.00000000016BC000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2271229478.00000000016BC000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2183892162.00000000016BC000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000002.2291937916.00000000016BC000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2287690098.00000000016BC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWt
    Source: rpDOUhuBC5.exe, 00000001.00000003.2286991719.000000000168B000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2286066548.000000000168B000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000001.00000003.2287690098.00000000016B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4047689413.0000020660C2A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4047626102.0000016F1D3DA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4052306636.0000016F1DB70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4047013315.0000022CB845A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000014.00000002.4053008117.0000020661200000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllf
    Source: firefox.exe, 00000014.00000002.4052302603.0000020661117000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000016.00000002.4052306636.0000016F1DB70000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllh
    Source: firefox.exe, 00000016.00000002.4052306636.0000016F1DB70000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlli
    Source: firefox.exe, 00000014.00000002.4053008117.0000020661200000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 22_2_0000016F1D712937 rdtsc
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0081EAA2 BlockInput
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007D2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007A42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007C4CE8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00800B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007D2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007C083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007C09D5 SetUnhandledExceptionFilter
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007C0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00801201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007E2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_0080B226 SendInput,keybd_event
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_008222DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00800B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_00801663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
    Source: rpDOUhuBC5.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: rpDOUhuBC5.exe | Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 00000012.00000003.2448330800.0000020A78201000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007C0698 cpuid
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007FD21C GetLocalTime
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007FD27A GetUserNameW
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007DB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 1_2_007A42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

    Stealing of Sensitive Information

    Source: Yara matchFile source: Process Memory Space: rpDOUhuBC5.exe PID: 3976, type: MEMORYSTR
    Source: rpDOUhuBC5.exeBinary or memory string: WIN_81
    Source: rpDOUhuBC5.exeBinary or memory string: WIN_XP
    Source: rpDOUhuBC5.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: rpDOUhuBC5.exeBinary or memory string: WIN_XPe
    Source: rpDOUhuBC5.exeBinary or memory string: WIN_VISTA
    Source: rpDOUhuBC5.exeBinary or memory string: WIN_7
    Source: rpDOUhuBC5.exeBinary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara matchFile source: Process Memory Space: rpDOUhuBC5.exe PID: 3976, type: MEMORYSTR
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeCode function: 1_2_00821204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,1_2_00821204
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeCode function: 1_2_00821806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,1_2_00821806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
Behavior Graph ID: 1581594 | Sample: rpDOUhuBC5.exe | Startdate: 28/12/2024 | Architecture: WINDOWS | Score: 80

Start node
    • DNS/IP: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
    • Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; 3 other signatures
    • Processes started: rpDOUhuBC5.exe; firefox.exe 1

rpDOUhuBC5.exe
    • Signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
    • Processes started: taskkill.exe 1 (three instances); 3 other processes

firefox.exe 1
    • Processes started: firefox.exe 3 221

taskkill.exe 1 (each of the three instances)
    • Processes started: conhost.exe

firefox.exe 3 221
    • DNS/IP: youtube.com 142.250.181.78, 443, 49748, 49749 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49747, 49763, 49765 GOOGLEUS United States; 10 other IPs or domains
    • Dropped files: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+
    • Processes started: firefox.exe 1 (three instances)

3 other processes
    • Processes started: conhost.exe (two instances)



Source | Detection | Scanner | Label | Link
rpDOUhuBC5.exe | 42% | ReversingLabs | Win32.Trojan.Amadey |
rpDOUhuBC5.exe | 28% | Virustotal | | Browse
rpDOUhuBC5.exe | 100% | Avira | TR/ATRAPS.Gen |
rpDOUhuBC5.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | Virustotal | | Browse
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
example.org | 93.184.215.14 | true | false | | high
star-mini.c10r.facebook.com | 157.240.196.35 | true | false | | high
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high
twitter.com | 104.244.42.65 | true | false | | high
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high
services.addons.mozilla.org | 151.101.129.91 | true | false | | high
dyna.wikimedia.org | 185.15.58.224 | true | false | | high
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
contile.services.mozilla.com | 34.117.188.166 | true | false | | high
youtube.com | 142.250.181.78 | true | false | | high
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high
youtube-ui.l.google.com | 142.250.181.110 | true | false | | high
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | | high
reddit.map.fastly.net | 151.101.65.140 | true | false | | high
ipv4only.arpa | 192.0.0.171 | true | false | | high
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high
push.services.mozilla.com | 34.107.243.93 | true | false | | high
normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high
www.reddit.com | unknown | unknown | false | | high
spocs.getpocket.com | unknown | unknown | false | | high
content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high
support.mozilla.org | unknown | unknown | false | | high
firefox.settings.services.mozilla.com | unknown | unknown | false | | high
www.youtube.com | unknown | unknown | false | | high
www.facebook.com | unknown | unknown | false | | high
detectportal.firefox.com | unknown | unknown | false | | high
normandy.cdn.mozilla.net | unknown | unknown | false | | high
shavar.services.mozilla.com | unknown | unknown | false | | high
www.wikipedia.org | unknown | unknown | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000016.00000002.4048115489.0000016F1D6C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB88C3000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://detectportal.firefox.com/ | firefox.exe, 00000012.00000003.2473325527.0000020A7639A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
http://www.mozilla.com0 | gmpopenh264.dll.tmp.18.dr | false | | high
https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000016.00000002.4048115489.0000016F1D686000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB888E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://json-schema.org/draft/2019-09/schema. | firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://www.leboncoin.fr/ | firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://spocs.getpocket.com/spocs | firefox.exe, 00000012.00000003.2464246221.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2471938937.0000020A767B5000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill | firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed | firefox.exe, 00000012.00000003.2323849945.0000020A6E51F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://shavar.services.mozilla.com | firefox.exe, 00000012.00000003.2313220191.0000020A777A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://completion.amazon.com/search/complete?q= | firefox.exe, 00000012.00000003.2262317122.0000020A6DB53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261887126.0000020A6DB10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261310402.0000020A6D900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2262142978.0000020A6DB32000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://ads.stickyadstv.com/firefox-etp | firefox.exe, 00000012.00000003.2468356195.0000020A77FA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2432875556.0000020A77FA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2301043912.0000020A79410000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79f | firefox.exe, 00000012.00000003.2298010283.0000020A766B3000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://identity.mozilla.com/ids/ecosystem_telemetryU | firefox.exe, 00000012.00000003.2441629128.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456297642.0000020A776AD000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://monitor.firefox.com/breach-details/ | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://github.com/w3c/csswg-drafts/issues/4650 | firefox.exe, 00000012.00000003.2476398183.0000020A75E67000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://xhr.spec.whatwg.org/#sync-warning | firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2466656839.0000020A78CF5000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.msn.com | firefox.exe, 00000012.00000003.2461131122.0000020A70458000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/mozilla-services/screenshots | firefox.exe, 00000012.00000003.2261887126.0000020A6DB10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2261310402.0000020A6D900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2262142978.0000020A6DB32000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://services.addons.mozilla.org/api/v4/addons/addon/ | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def | firefox.exe, 00000012.00000003.2296314749.0000020A7661C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://tracking-protection-issues.herokuapp.com/new | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://youtube.com/ | firefox.exe, 00000012.00000003.2461131122.0000020A7041B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://content-signature-2.cdn.mozilla.net/ | firefox.exe, 00000012.00000003.2471938937.0000020A767A8000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://json-schema.org/draft/2020-12/schema/= | firefox.exe, 00000012.00000003.2324751198.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2464246221.0000020A6EF64000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://youtube.com/account?=https://ac | firefox.exe, 00000016.00000002.4052048844.0000016F1D7D0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht | firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://api.accounts.firefox.com/v1 | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://youtube.com/account?=https://accounts.googlG | firefox.exe, 0000001C.00000002.4047013315.0000022CB845A000.00000004.00000020.00020000.00000000.sdmp | false | |
                                                                                                                                                high
                                                                                                                                                https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.18.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.amazon.com/firefox.exe, 00000012.00000003.2431741812.0000020A78C76000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.youtube.com/firefox.exe, 00000016.00000002.4048115489.0000016F1D60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB880C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 00000012.00000003.2382058159.0000020A6F371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2385394411.0000020A6F37B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://MD8.mozilla.org/1/mfirefox.exe, 00000012.00000003.2314496747.0000020A7674B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.bbc.co.uk/firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 00000012.00000003.2471334735.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2481280309.0000020A77653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000016.00000002.4048115489.0000016F1D6C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB88C3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://127.0.0.1:firefox.exe, 00000012.00000003.2440947491.0000020A777A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2470570743.0000020A777A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2453912639.0000020A777A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2477352482.0000020A71ACE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2313220191.0000020A777A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 00000012.00000003.2385394411.0000020A6F372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F345000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 00000012.00000003.2411078653.0000020A78D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2303623244.0000020A78ED3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://bugzilla.mofirefox.exe, 00000012.00000003.2452249604.0000020A79F80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://mitmdetection.services.mozilla.com/firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000012.00000003.2468356195.0000020A77FA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2432875556.0000020A77FA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2301043912.0000020A79410000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://youtube.com/account?=recovery.jsonlz4.tmp.18.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://shavar.services.mozilla.com/firefox.exe, 00000012.00000003.2313220191.0000020A777A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://spocs.getpocket.com/firefox.exe, 00000012.00000003.2464246221.0000020A6EF97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2458176445.0000020A716C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.4048115489.0000016F1D612000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048723645.0000022CB8813000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.iqiyi.com/firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.places.sqlite-wal.18.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 00000012.00000003.2476398183.0000020A75E67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://a9.com/-/spec/opensearch/1.0/firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=1170143firefox.exe, 00000012.00000003.2385394411.0000020A6F372000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://monitor.firefox.com/aboutfirefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://mozilla.org/MPL/2.0/.firefox.exe, 00000012.00000003.2304384500.0000020A719EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2459127630.0000020A70E95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2428470851.0000020A6DFA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2406258379.0000020A6E4B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2403552922.0000020A78DA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2410306016.0000020A6E4B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2340272776.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2324526502.0000020A6EDE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2346346483.0000020A71895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2395114152.0000020A71589000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2342261218.0000020A6EDE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2338321683.0000020A71895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2478016249.0000020A704B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2335879130.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2411078653.0000020A78D8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2303259858.0000020A79432000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2346346483.0000020A718B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000012.00000003.2447111884.0000020A6EECE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2303978709.0000020A78EA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2337257621.0000020A71895000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2415991762.0000020A6EDE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://account.bellmedia.cfirefox.exe, 00000012.00000003.2459867068.0000020A70E1A000.00000004.00000800.00020000.00000000.sdmpfalse
high
Name | Source | Malicious | Reputation
http://youtube.com/ | firefox.exe, 00000012.00000003.2319597913.0000020A762F5000.00000004.00000800.00020000.00000000.sdmp | false | high
https://login.microsoftonline.com | firefox.exe, 00000012.00000003.2459867068.0000020A70E21000.00000004.00000800.00020000.00000000.sdmp | false | high
https://coverage.mozilla.org | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | high
http://crl.thawte.com/ThawteTimestampingCA.crl0 | gmpopenh264.dll.tmp.18.dr | false | high
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839 | firefox.exe, 00000012.00000003.2296314749.0000020A7661C000.00000004.00000800.00020000.00000000.sdmp | false | high
http://x1.c.lencr.org/0 | firefox.exe, 00000012.00000003.2319597913.0000020A762B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2459445118.0000020A70E68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2477919664.0000020A70E69000.00000004.00000800.00020000.00000000.sdmp | false | high
http://x1.i.lencr.org/0 | firefox.exe, 00000012.00000003.2319597913.0000020A762B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2459445118.0000020A70E68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2477919664.0000020A70E69000.00000004.00000800.00020000.00000000.sdmp | false | high
http://a9.com/-/spec/opensearch/1.1/ | firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | false | high
https://blocked.cdn.mozilla.net/ | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored | firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | false | high
https://json-schema.org/draft/2019-09/schema | firefox.exe, 00000012.00000003.2319597913.0000020A762B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2474238914.0000020A762A3000.00000004.00000800.00020000.00000000.sdmp | false | high
http://developer.mozilla.org/en/docs/DOM:element.addEventListener | firefox.exe, 00000012.00000003.2474928652.0000020A76186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456625515.0000020A76186000.00000004.00000800.00020000.00000000.sdmp | false | high
https://duckduckgo.com/?t=ffab&q= | firefox.exe, 00000012.00000003.2335284460.0000020A78EE3000.00000004.00000800.00020000.00000000.sdmp | false | high
https://profiler.firefox.com | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | high
https://bugzilla.mozilla.org/show_bug.cgi?id=793869 | firefox.exe, 00000012.00000003.2385394411.0000020A6F372000.00000004.00000800.00020000.00000000.sdmp | false | high
https://identity.mozilla.com/apps/relay | firefox.exe, 00000012.00000003.2452921671.0000020A79454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2430948155.0000020A79451000.00000004.00000800.00020000.00000000.sdmp | false | high
https://mozilla.cloudflare-dns.com/dns-query | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | high
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2 | firefox.exe, 00000012.00000003.2458876684.0000020A70EDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2477675234.0000020A70EDA000.00000004.00000800.00020000.00000000.sdmp | false | high
https://bugzilla.mozilla.org/show_bug.cgi?id=1678448 | firefox.exe, 00000012.00000003.2382058159.0000020A6F345000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2384692597.0000020A6F37E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F37B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2382058159.0000020A6F371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2385394411.0000020A6F37B000.00000004.00000800.00020000.00000000.sdmp | false | high
https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/ | firefox.exe, 00000012.00000003.2471334735.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2441629128.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2481280309.0000020A77653000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2456388440.0000020A7762C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://contile.services.mozilla.com/v1/tiles | firefox.exe, 00000012.00000003.2457568097.0000020A75EF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | high
https://www.amazon.co.uk/ | firefox.exe, 00000012.00000003.2474175178.0000020A762BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.2319597913.0000020A762CC000.00000004.00000800.00020000.00000000.sdmp | false | high
https://monitor.firefox.com/user/preferences | firefox.exe, 00000014.00000002.4052087512.0000020661000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.4051809186.0000016F1D750000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.4048224654.0000022CB8700000.00000002.10000000.00040000.00000000.sdmp | false | high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
151.101.129.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
142.250.181.78 | youtube.com | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581594
Start date and time: 2024-12-28 09:46:26 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 40
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
                                                                                                                                                                                                                                                                            Sample name:rpDOUhuBC5.exe
                                                                                                                                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                                                                                                                                            Original Sample Name:1f856d82c95fcef4439c2c9d442e44f4.exe
                                                                                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                                                                                            Classification:mal80.troj.evad.winEXE@34/38@71/12
                                                                                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                                                                                            • Successful, ratio: 40%
                                                                                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                                                                                            • Successful, ratio: 95%
                                                                                                                                                                                                                                                                            • Number of executed functions: 49
                                                                                                                                                                                                                                                                            • Number of non-executed functions: 296
                                                                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                                                                                            • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 20.198.119.143, 2.16.164.105, 2.16.164.72, 44.232.159.99, 54.148.175.110, 52.40.120.141, 172.217.17.74, 142.250.181.138, 172.217.17.46, 88.221.134.155, 88.221.134.209, 20.190.147.12, 20.103.156.88, 2.16.158.27, 13.107.246.63, 2.16.158.33, 23.218.208.109, 52.149.20.212, 150.171.27.10, 2.16.158.185, 20.223.36.55
                                                                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, tse1.mm.bing.net, a17.rackcdn.com.mdc.edgesuite.net, g.bing.com, aus5.mozilla.org, a767.dspw65.akamai.net, arc.msn.com, a19.dscg10.akamai.net, wns.notify.trafficmanager.net, ocsp.digicert.com, redirector.gvt1.com, login.live.com, ocsp.edge.digicert.com, safebrowsing.googleapis.com, wu-b-net.trafficmanager.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, detectportal.prod.mozaws.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, location.services.mozilla.com
                                                                                                                                                                                                                                                                            • Execution Graph export aborted for target firefox.exe, PID 5128 because there are no executed function
                                                                                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                            No simulations
Associated samples by contacted IP (Match | Associated Sample Name / URL | Detection | Threat Name):
34.117.188.166 | ReJIL-_Document_No._2500015903.msg | malicious | Unknown
34.117.188.166 | cMTqzvmx9u.exe | malicious | LummaC, Amadey, LummaC Stealer, RedLine
34.117.188.166 | NetFxRepairTools.msi | malicious | Quasar
34.117.188.166 | nM0h824cc3.exe | malicious | Credential Flusher
34.117.188.166 | nM0h824cc3.exe | malicious | Credential Flusher
34.117.188.166 | gTU8ed4669.exe | malicious | Credential Flusher
34.117.188.166 | gTU8ed4669.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
34.149.100.209 | https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d | malicious | HTMLPhisher
34.149.100.209 | ReJIL-_Document_No._2500015903.msg | malicious | Unknown
34.149.100.209 | cMTqzvmx9u.exe | malicious | LummaC, Amadey, LummaC Stealer, RedLine
34.149.100.209 | NetFxRepairTools.msi | malicious | Quasar
34.149.100.209 | nM0h824cc3.exe | malicious | Credential Flusher
34.149.100.209 | nM0h824cc3.exe | malicious | Credential Flusher
34.149.100.209 | gTU8ed4669.exe | malicious | Credential Flusher
34.149.100.209 | gTU8ed4669.exe | malicious | Credential Flusher
34.149.100.209 | ghostspider.7z | malicious | Unknown
151.101.129.91 | fNlxQP0jBz.exe | malicious | Credential Flusher
151.101.129.91 | LbgqLv7gT7.exe | malicious | Credential Flusher
151.101.129.91 | file.exe | malicious | Credential Flusher
151.101.129.91 | file.exe | malicious | Credential Flusher
151.101.129.91 | file.exe | malicious | Credential Flusher
151.101.129.91 | Pl8Tb06C8A.exe | malicious | Credential Flusher
151.101.129.91 | file.exe | malicious | Credential Flusher
151.101.129.91 | file.exe | malicious | Credential Flusher
151.101.129.91 | file.exe | malicious | Credential Flusher
151.101.129.91 | file.exe | malicious | Credential Flusher
34.160.144.191 | https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d | malicious | HTMLPhisher
34.160.144.191 | ReJIL-_Document_No._2500015903.msg | malicious | Unknown
34.160.144.191 | cMTqzvmx9u.exe | malicious | LummaC, Amadey, LummaC Stealer, RedLine
34.160.144.191 | NetFxRepairTools.msi | malicious | Quasar
34.160.144.191 | nM0h824cc3.exe | malicious | Credential Flusher
34.160.144.191 | nM0h824cc3.exe | malicious | Credential Flusher
34.160.144.191 | gTU8ed4669.exe | malicious | Credential Flusher
34.160.144.191 | gTU8ed4669.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
Associated samples by contacted domain (Match | Associated Sample Name / URL | Detection | Threat Name | Context):
example.org | ReJIL-_Document_No._2500015903.msg | malicious | Unknown | 93.184.215.14
example.org | NetFxRepairTools.msi | malicious | Quasar | 93.184.215.14
example.org | nM0h824cc3.exe | malicious | Credential Flusher | 93.184.215.14
example.org | nM0h824cc3.exe | malicious | Credential Flusher | 93.184.215.14
example.org | gTU8ed4669.exe | malicious | Credential Flusher | 93.184.215.14
example.org | gTU8ed4669.exe | malicious | Credential Flusher | 93.184.215.14
example.org | ghostspider.7z | malicious | Unknown | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar |
                                                                                                                                                                                                                                                                                                                                                      • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                      star-mini.c10r.facebook.comhttps://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 157.240.252.35
                                                                                                                                                                                                                                                                                                                                                      http://vanessa.nilsson@dmava.nj.govGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                      ReJIL-_Document_No._2500015903.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                                      https://fsharetv.co/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                                      http://plnbl.io/review/FSUQBEfTfzwHGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                                      https://liladelman.com/rental/1218-west-side-road-block-island/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 157.240.195.35
                                                                                                                                                                                                                                                                                                                                                      NetFxRepairTools.msiGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                      nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                      nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                      twitter.comhttps://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                                      ReJIL-_Document_No._2500015903.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                                      NetFxRepairTools.msiGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                                                                                                                      • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                                      nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                      nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                      gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                      gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                      services.addons.mozilla.orgReJIL-_Document_No._2500015903.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                      NetFxRepairTools.msiGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                      nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                      nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                      gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                      gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                      ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                      do.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                      GOOGLE-AS-APGoogleAsiaPacificPteLtdSGhttps://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                      ReJIL-_Document_No._2500015903.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      Canvas of Kings_N6xC-S2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.223.223
                                                                                                                                                                                                                                                                                                                                                      Canvas of Kings_N6xC-S2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.223.223
                                                                                                                                                                                                                                                                                                                                                      cMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                                      https://property-management-portal.replit.app/%2520%2522https:/property-management-portal.replit.app/%2522Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.33.233
                                                                                                                                                                                                                                                                                                                                                      Violated Heroine_91zbZ-1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.223.223
                                                                                                                                                                                                                                                                                                                                                      Violated Heroine_91zbZ-1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.223.223
                                                                                                                                                                                                                                                                                                                                                      https://email.equifaxbreachsettlement.com/c/eJwczbFugzAQANCvsccIzoaYwQMNWE1VEQoM2SxzPgRSCJS4pfn7qt2f9Lx2FDunOOn4KGQWZUopPmqCAb0Uie8hxR6VP6bocQBKMO4TJfikIQIZAwAIkFIdhB9SzAQJJdOk90cmI_r8mgb302_kcHxQCDea6R4OuMz8pscQ1gcTOQPDwOz7fpif60armzzSPdD25xiYjTzRzIQhXDwxUZzeTHN9iV5l137wTXdV-d5eKgXAZPR047L8B0GX5mrr5mKbvMtt3ZR1fi7sKW8KW5zbzrZlVfBvDb8BAAD__6sTT70Get hashmaliciousHtmlDropperBrowse
• 34.67.241.53
ATGS-MMD-AS US | https://haleborealis.com | malicious | Unknown | 34.160.81.203
| https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d | malicious | HTMLPhisher | 34.160.144.191
| db0fa4b8db0333367e9bda3ab68b8042.i686.elf | malicious | Mirai, Gafgyt | 34.3.189.217
| db0fa4b8db0333367e9bda3ab68b8042.sh4.elf | malicious | Mirai, Gafgyt | 51.97.11.221
| ReJIL-_Document_No._2500015903.msg | malicious | Unknown | 34.160.144.191
| xd.mips.elf | malicious | Mirai | 48.226.14.3
| xd.arm7.elf | malicious | Mirai | 48.82.97.179
| xd.x86.elf | malicious | Mirai | 34.56.199.147
| xd.sh4.elf | malicious | Mirai | 57.42.114.35
FASTLY US | https://www.dropbox.com/scl/fi/lncgsm76k7l5ix7fuu5t6/2024-OK-House-Outreach.pdf?rlkey=o4qr50zpdw1z14o6ikdg6zjt8&st=lrloyzlo&dl=0 | malicious | Unknown | 151.101.1.229
| http://track.rbfcu.org/y.z?l=https://google.com/amp/s/t.ly/5SpZS&r=14387614172&d=18473&p=2&t=h | malicious | HTMLPhisher | 151.101.66.137
| http://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=N_pyUL0QJkeR_KiXHZsVlyTB1Qoy7S9IkE8Ogzl8coFUMFBJSDkxQ0w3VVZMNFJFUlNDRVkyU05CUi4u | malicious | HTMLPhisher | 151.101.194.137
| Electrum-bch-4.4.2-x86_64.AppImage.elf | malicious | Unknown | 185.199.111.133
| w22319us3M.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | 185.199.109.133
| OiMp3TH.exe | malicious | LummaC | 185.199.108.133
| https://dnsextension.pro/invoice/d2d0bf8701b34bc296ca83b956c10720 | malicious | Unknown | 151.101.129.229
| grand-theft-auto-5-theme-1-installer_qb8W-j1.exe | malicious | Unknown | 151.101.2.133
| 5uVReRlvME.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, Stealc | 185.199.110.133
Match | Associated Sample Name / URL | Detection | Threat Name | Context
fb0aa01abe9d8e4037eb3473ca6e2dca | ReJIL-_Document_No._2500015903.msg | malicious | Unknown | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.129.91, 34.120.208.123
| NetFxRepairTools.msi | malicious | Quasar | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.129.91, 34.120.208.123
| nM0h824cc3.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.129.91, 34.120.208.123
| nM0h824cc3.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.129.91, 34.120.208.123
| gTU8ed4669.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.129.91, 34.120.208.123
| gTU8ed4669.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 151.101.129.91, 34.120.208.123
| file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT |
                                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                      ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | cMTqzvmx9u.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, RedLine | Browse |
 | NetFxRepairTools.msi | Get hash | malicious | Quasar | Browse |
 | nM0h824cc3.exe | Get hash | malicious | Credential Flusher | Browse |
 | nM0h824cc3.exe | Get hash | malicious | Credential Flusher | Browse |
 | gTU8ed4669.exe | Get hash | malicious | Credential Flusher | Browse |
 | gTU8ed4669.exe | Get hash | malicious | Credential Flusher | Browse |
 | ghostspider.7z | Get hash | malicious | Unknown | Browse |
 | do.ps1 | Get hash | malicious | Unknown | Browse |
 | https://walli.shanga.co/image/view/?id=1375 | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):7946
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.178766448020323
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:XBMXD/IcbhbVbTbfbRbObtbyEl7nwrNJA6unSrDtTkdxSof2g:XiEcNhnzFSJQrI1nSrDhkdxqg
                                                                                                                                                                                                                                                                                                                                                                        MD5:A14D50C4389640FA72249674BD183518
                                                                                                                                                                                                                                                                                                                                                                        SHA1:FEBFFDADDEEF12DBC5FCCBF6E2034C91472212EF
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:66406C6BEF0D499BD34FD3B2C8448FBC7B5FB81EF9330B46F72C47E581961247
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:A0D6D9364447FD5DFB69C5862C4D59104F75321D71D6563DFE8D6D1E963CF30B835CB136E1DB0B4F28380F98F1C193C40B597967707662DA91E110426F1B1651
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:{"type":"uninstall","id":"0aea9c95-3e48-41e6-b217-65ec04139348","creationDate":"2024-12-28T10:22:15.028Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):7946
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.178766448020323
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:XBMXD/IcbhbVbTbfbRbObtbyEl7nwrNJA6unSrDtTkdxSof2g:XiEcNhnzFSJQrI1nSrDhkdxqg
                                                                                                                                                                                                                                                                                                                                                                        MD5:A14D50C4389640FA72249674BD183518
                                                                                                                                                                                                                                                                                                                                                                        SHA1:FEBFFDADDEEF12DBC5FCCBF6E2034C91472212EF
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:66406C6BEF0D499BD34FD3B2C8448FBC7B5FB81EF9330B46F72C47E581961247
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:A0D6D9364447FD5DFB69C5862C4D59104F75321D71D6563DFE8D6D1E963CF30B835CB136E1DB0B4F28380F98F1C193C40B597967707662DA91E110426F1B1651
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:{"type":"uninstall","id":"0aea9c95-3e48-41e6-b217-65ec04139348","creationDate":"2024-12-28T10:22:15.028Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                        MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                        SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3139047242871906
Encrypted:false
SSDEEP:48:pedxBCUgdwhzfedxBC6Bdw3FedxBiadw11:MQCIib
MD5:8F33F58240C1250A92763E06CBFB4DEF
SHA1:CD8D21B18DA5663E8EE8EF71DD231736CF53C2F5
SHA-256:E17EA3550FB0BC8F31E07598136CEFE3BCC312B3132843038E428BA1C7B3EEE1
SHA-512:28DEA9CE02E9D61922887084DAC7859137E4533EBCEE51FEE2C56A2AF8C0244A72376BBD456A186CD2706A95F9A6DC0AFAEA8E7B9E5C22F75FD8D5E0EF950331
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3139047242871906
Encrypted:false
SSDEEP:48:pedxBCUgdwhzfedxBC6Bdw3FedxBiadw11:MQCIib
MD5:8F33F58240C1250A92763E06CBFB4DEF
SHA1:CD8D21B18DA5663E8EE8EF71DD231736CF53C2F5
SHA-256:E17EA3550FB0BC8F31E07598136CEFE3BCC312B3132843038E428BA1C7B3EEE1
SHA-512:28DEA9CE02E9D61922887084DAC7859137E4533EBCEE51FEE2C56A2AF8C0244A72376BBD456A186CD2706A95F9A6DC0AFAEA8E7B9E5C22F75FD8D5E0EF950331
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:modified
Size (bytes):5488
Entropy (8bit):3.3139047242871906
Encrypted:false
SSDEEP:48:pedxBCUgdwhzfedxBC6Bdw3FedxBiadw11:MQCIib
MD5:8F33F58240C1250A92763E06CBFB4DEF
SHA1:CD8D21B18DA5663E8EE8EF71DD231736CF53C2F5
SHA-256:E17EA3550FB0BC8F31E07598136CEFE3BCC312B3132843038E428BA1C7B3EEE1
SHA-512:28DEA9CE02E9D61922887084DAC7859137E4533EBCEE51FEE2C56A2AF8C0244A72376BBD456A186CD2706A95F9A6DC0AFAEA8E7B9E5C22F75FD8D5E0EF950331
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3139047242871906
Encrypted:false
SSDEEP:48:pedxBCUgdwhzfedxBC6Bdw3FedxBiadw11:MQCIib
MD5:8F33F58240C1250A92763E06CBFB4DEF
SHA1:CD8D21B18DA5663E8EE8EF71DD231736CF53C2F5
SHA-256:E17EA3550FB0BC8F31E07598136CEFE3BCC312B3132843038E428BA1C7B3EEE1
SHA-512:28DEA9CE02E9D61922887084DAC7859137E4533EBCEE51FEE2C56A2AF8C0244A72376BBD456A186CD2706A95F9A6DC0AFAEA8E7B9E5C22F75FD8D5E0EF950331
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4419
Entropy (8bit):4.931437844757259
Encrypted:false
SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsL3ajWB8P:gXiNFS+OcUGOdwiOdwBjkYLOWB8P
MD5:6F118B0AA394CD992FEB39520A959BBD
SHA1:AA4422EB6397720BDA70B067293DE927BBEB67D2
SHA-256:4C78D5691554F1845BD0E5BC233DF85ADB39E481D83D20D103BAF1D4F2F9D2C9
SHA-512:9409EFD4565E902B0265E9D0A7CF0482546E439EBDDA6A528C70CC8DDB7459F28B41D501A251D8FDD0EA71E790A2FBCCFA476E100B38354BAA8AF035F5C46BB8
Malicious:false
Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 22422 bytes
Category:dropped
Size (bytes):5308
Entropy (8bit):6.599374203470186
Encrypted:false
SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
MD5:EB56C2F4DA9435F3D5574161F414CD17
SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
Malicious:false
Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
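Added example, not part of the Joe Sandbox report: a small Python helper for checking the dropped-file metadata above by hand. It reproduces the "Entropy (8bit)" field for the 24-byte JSON file whose full content is shown in the preview (`{"schema":6,"addons":[]}`), and it decodes Firefox's mozLz4 container (the "Mozilla lz4 compressed data" entries, magic `mozLz40\0`, then a 4-byte little-endian decompressed size, then one raw LZ4 block) with a pure-Python LZ4 block decoder, so the script runs offline without the `lz4` package. The mozLz4 blob in the script is hand-assembled to exercise the decoder, including an overlapping back-reference; it is not the 5308-byte file from the report.

```python
"""Entropy and mozLz4 helpers for triaging Firefox profile files in a sandbox report.

Added example; constructed samples only, no report data beyond the 24-byte JSON preview.
"""
import math
import struct
from collections import Counter

MOZLZ4_MAGIC = b"mozLz40\0"   # Firefox's 8-byte container magic


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy of the byte-value distribution, in bits per byte (0.0 .. 8.0).

    This is the quantity Joe Sandbox reports as "Entropy (8bit)"; values close to 8
    indicate compressed or encrypted content, plain JSON sits around 4 to 5.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Decode one raw LZ4 block (no frame). Raises ValueError on malformed input."""
    out = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        lit_len = token >> 4
        if lit_len == 15:                 # extended length: add bytes until one is != 255
            while True:
                if i >= n:
                    raise ValueError("truncated literal length")
                b = src[i]
                i += 1
                lit_len += b
                if b != 255:
                    break
        if i + lit_len > n:
            raise ValueError("truncated literals")
        out += src[i:i + lit_len]
        i += lit_len
        if i >= n:                        # the final sequence carries literals only
            break
        if i + 2 > n:
            raise ValueError("truncated match offset")
        offset = src[i] | (src[i + 1] << 8)
        i += 2
        if offset == 0 or offset > len(out):
            raise ValueError("match offset points outside the output")
        match_len = (token & 0x0F) + 4    # minimum match length is 4
        if (token & 0x0F) == 15:
            while True:
                if i >= n:
                    raise ValueError("truncated match length")
                b = src[i]
                i += 1
                match_len += b
                if b != 255:
                    break
        # Copy byte by byte: when offset < match_len the copy overlaps itself and
        # repeats the pattern, which a slice copy would get wrong.
        start = len(out) - offset
        for k in range(match_len):
            out.append(out[start + k])
        if len(out) > expected_size:
            raise ValueError("output exceeds the declared decompressed size")
    return bytes(out)


def is_mozlz4(blob: bytes) -> bool:
    return blob[:8] == MOZLZ4_MAGIC


def mozlz4_decompress(blob: bytes) -> bytes:
    """Decode a Firefox .lz4 / .jsonlz4 / .mozlz4 profile file into its JSON bytes."""
    if not is_mozlz4(blob):
        raise ValueError("not a mozLz4 file")
    (size,) = struct.unpack("<I", blob[8:12])
    data = lz4_block_decompress(blob[12:], size)
    if len(data) != size:
        raise ValueError(f"declared size {size}, decoded {len(data)} bytes")
    return data


# Sample 1: the complete 24-byte JSON file from the report preview.
SAMPLE_JSON = b'{"schema":6,"addons":[]}'

# Sample 2 (constructed): a hand-assembled mozLz4 blob decoding to 25 bytes.
# Sequence 1: token 0xD7 = 13 literals, match length 7 + 4 = 11;
#   literals '{"addons":[],' then offset 12 (copies '"addons":[]' from position 1).
# Sequence 2: token 0x10 = 1 literal '}' and no match (end of block).
SAMPLE_MOZLZ4 = (
    MOZLZ4_MAGIC
    + struct.pack("<I", 25)
    + b"\xd7" + b'{"addons":[],' + b"\x0c\x00"
    + b"\x10" + b"}"
)

if __name__ == "__main__":
    print(f"entropy(sample json) = {shannon_entropy_8bit(SAMPLE_JSON):.15f}")
    print("decoded:", mozlz4_decompress(SAMPLE_MOZLZ4).decode())
```

Run it against a real profile file with `mozlz4_decompress(open(path, "rb").read())`; the decoded bytes are ordinary JSON and can be handed to `json.loads`. The entropy function returns the report's value for the 24-byte file to the last printed digit, which is a quick way to confirm that a preview shows the whole file rather than a truncated prefix.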
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                        MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                        SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185052013683835
Encrypted:false
SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
MD5:10E2D85FEF0DB266E519048D63617FA8
SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: cMTqzvmx9u.exe, Detection: malicious
• Filename: NetFxRepairTools.msi, Detection: malicious
• Filename: nM0h824cc3.exe, Detection: malicious
• Filename: nM0h824cc3.exe, Detection: malicious
• Filename: gTU8ed4669.exe, Detection: malicious
• Filename: gTU8ed4669.exe, Detection: malicious
• Filename: ghostspider.7z, Detection: malicious
• Filename: do.ps1, Detection: malicious
• Filename: , Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.07323819165234684
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiC:DLhesh7Owd4+ji
                                                                                                                                                                                                                                                                                                                                                                        MD5:C2BC9426B748A76F28E6B1D28250FFBD
                                                                                                                                                                                                                                                                                                                                                                        SHA1:AD30AEB991A23296AF1BFBA78D3D74426A7FA29A
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:3D9B7808ABCB765C0D1508DD02B1FD47B935EC08ACEBEB643186014992DC9564
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:66B56B919D65F13B80309E8B783B2445187491E5FAD41EAF9C2B9A2E41BCD3EA62FA7799D4D1E809D89B11741261FAE2FABCDC95F353D379F4B40DDBC75C40B3
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.039751381258926154
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:3:GHlhVoESt+WET6lhVoESt+WEL1ol8a9//Ylll4llqlyllel4lt:G7Vo7AWtVo7AW3L9XIwlio
                                                                                                                                                                                                                                                                                                                                                                        MD5:34684D13E8DD7D6A9B47A1EAA01AAC37
                                                                                                                                                                                                                                                                                                                                                                        SHA1:DFA5CD69F5B0E585803EDEDB84020AC46CE2BE2F
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:DBB20D2A1AD3617B0FDE88DA39DDF937DE66C77C042B022BF0300179D97BA939
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:6D25FA1E62DBA6D1CE72D245AA57D78A14900F637ED705F5BE6126085AB64E829F98104A4107796FAB36DA880F7B323D0DB98D667CCC1185F9EFC6A00F5F3FD7
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:..-......................mH.[.7.9j^7......?..z6L..-......................mH.[.7.9j^7......?..z6L........................................................'...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):163992
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.09551959867157706
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:KRZT276Lxs9YC4b5xsMldCCQE/TSKCrsCs81xsaye4gmwlm2iEg:FGs+zJKDC8XVye4UU
                                                                                                                                                                                                                                                                                                                                                                        MD5:1758E36BED6619FEC355F57B140FCCD7
                                                                                                                                                                                                                                                                                                                                                                        SHA1:F2B4627CFC72836CE9BF121E586F6E40EC5228C5
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:0AB8AF554C3BF7E4E7A2534E3E5681401D5981F2AE4D45FEDB92011C5C3166DF
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:71AB94B54EFE044E1A2DADDF50F3200C4D2332E921B7D38A48B88F3C7EB0925A65962B2B742A189931383C9C6A8EF60024BDE9C4ABA8420D56D9045D4EC45D29
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:7....-..........9j^7.....%mL\0..........9j^7....x.(q.E.h................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):14081
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.46713537495965
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:InTFTRRUYbBp64LZNMGaXe6qU4o3zy+/3/7Ous5RYiNBw8dkSl:KKehFNMRnDyCOvdw30
                                                                                                                                                                                                                                                                                                                                                                        MD5:E31A7C4CCFBA50435DC3FFB6D624ABD3
                                                                                                                                                                                                                                                                                                                                                                        SHA1:82004EB34EF693F38E68DDBDB595E9D7DD0D6C76
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:15F97108C22DE6CFB40D7E3674D0A81253D664F186E7ECCAE9260ACBDCF2889A
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:844A4277A72D91B880F388B4C9A4B57B9B1898B70B84CC5DC88225E3F5201B9A308BDFB7D3D9BD33452CD3D290CF3CEF0A63212C3F34DA38F438FA23E26A83E4
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1735381304);..user_pref("app.update.lastUpdateTime.background-update-timer", 1735381304);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1735381304);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173538
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):14081
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.46713537495965
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:192:InTFTRRUYbBp64LZNMGaXe6qU4o3zy+/3/7Ous5RYiNBw8dkSl:KKehFNMRnDyCOvdw30
                                                                                                                                                                                                                                                                                                                                                                        MD5:E31A7C4CCFBA50435DC3FFB6D624ABD3
                                                                                                                                                                                                                                                                                                                                                                        SHA1:82004EB34EF693F38E68DDBDB595E9D7DD0D6C76
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:15F97108C22DE6CFB40D7E3674D0A81253D664F186E7ECCAE9260ACBDCF2889A
SHA-512:844A4277A72D91B880F388B4C9A4B57B9B1898B70B84CC5DC88225E3F5201B9A308BDFB7D3D9BD33452CD3D290CF3CEF0A63212C3F34DA38F438FA23E26A83E4
Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1735381304);..user_pref("app.update.lastUpdateTime.background-update-timer", 1735381304);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1735381304);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173538
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5:60C09456D6362C6FBED48C69AA342C3C
SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1568
Entropy (8bit):6.333238696736411
Encrypted:false
SSDEEP:24:v+USUGlcAxSrLXnIgPm/pnxQwRlszT5sKLHo3eHVvwKXTJamhujJAxOOxmD6maoT:GUpOx2XenR6Lo3eNwCTJ4JeGbRhr
MD5:B2E9BED0B21B257E1F0F18D6D9E0FEB1
SHA1:9CD17791B415AF8BFFBC3C71139C08024CB373A9
SHA-256:B0FF758F3BAC2050BA8CC7F7C04033CE295B129AA656F81C20AD8F814AD9B172
SHA-512:997C71A7ADAD6EF0E05E3707C55B7FFFA0676A50DB3D7CEA8334191C4609237CCA251AA55F7B217DE0E92D2D4AB0991CD4D54E47CAD53A9ADE981CBF05975463
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{1ed446a8-8543-42ef-8425-cbfa7e77d9ba}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1735381324239,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..iUpdate...40,"startTim..Q27406...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..eexpiry....278490,"originA
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1568
Entropy (8bit):6.333238696736411
Encrypted:false
SSDEEP:24:v+USUGlcAxSrLXnIgPm/pnxQwRlszT5sKLHo3eHVvwKXTJamhujJAxOOxmD6maoT:GUpOx2XenR6Lo3eNwCTJ4JeGbRhr
MD5:B2E9BED0B21B257E1F0F18D6D9E0FEB1
SHA1:9CD17791B415AF8BFFBC3C71139C08024CB373A9
SHA-256:B0FF758F3BAC2050BA8CC7F7C04033CE295B129AA656F81C20AD8F814AD9B172
SHA-512:997C71A7ADAD6EF0E05E3707C55B7FFFA0676A50DB3D7CEA8334191C4609237CCA251AA55F7B217DE0E92D2D4AB0991CD4D54E47CAD53A9ADE981CBF05975463
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{1ed446a8-8543-42ef-8425-cbfa7e77d9ba}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1735381324239,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..iUpdate...40,"startTim..Q27406...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..eexpiry....278490,"originA
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1568
Entropy (8bit):6.333238696736411
Encrypted:false
SSDEEP:24:v+USUGlcAxSrLXnIgPm/pnxQwRlszT5sKLHo3eHVvwKXTJamhujJAxOOxmD6maoT:GUpOx2XenR6Lo3eNwCTJ4JeGbRhr
MD5:B2E9BED0B21B257E1F0F18D6D9E0FEB1
SHA1:9CD17791B415AF8BFFBC3C71139C08024CB373A9
SHA-256:B0FF758F3BAC2050BA8CC7F7C04033CE295B129AA656F81C20AD8F814AD9B172
SHA-512:997C71A7ADAD6EF0E05E3707C55B7FFFA0676A50DB3D7CEA8334191C4609237CCA251AA55F7B217DE0E92D2D4AB0991CD4D54E47CAD53A9ADE981CBF05975463
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{1ed446a8-8543-42ef-8425-cbfa7e77d9ba}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1735381324239,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..iUpdate...40,"startTim..Q27406...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..eexpiry....278490,"originA
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.042811512334329
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                                        MD5:21235938025E2102017AC8C9748948A4
                                                                                                                                                                                                                                                                                                                                                                        SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4411
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.008698417913156
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:YrSAYzHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:yczCTEr5NfJzzcBvbw6Kkvrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                        MD5:79BD19B86346A868F6F2C053AE8EBD16
                                                                                                                                                                                                                                                                                                                                                                        SHA1:C2129D5536D0184B340D661B379389D9DD735BFF
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:E5D783CA0CADD02C78DE184116876A4ADBF52BC59BDBDD539E73D55E3AEB36B0
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0B19C59DF084A0B79649432ECAD8003420AF247DECAA440DDD5536A9F124B91B54DA1EBEAA3C004D36E9F548627BCB349C0097EAA0D6FAF9577225749CD7893C
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-28T10:21:35.348Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                                                                                        Size (bytes):4411
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.008698417913156
                                                                                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:48:YrSAYzHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:yczCTEr5NfJzzcBvbw6Kkvrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                        MD5:79BD19B86346A868F6F2C053AE8EBD16
                                                                                                                                                                                                                                                                                                                                                                        SHA1:C2129D5536D0184B340D661B379389D9DD735BFF
                                                                                                                                                                                                                                                                                                                                                                        SHA-256:E5D783CA0CADD02C78DE184116876A4ADBF52BC59BDBDD539E73D55E3AEB36B0
                                                                                                                                                                                                                                                                                                                                                                        SHA-512:0B19C59DF084A0B79649432ECAD8003420AF247DECAA440DDD5536A9F124B91B54DA1EBEAA3C004D36E9F548627BCB349C0097EAA0D6FAF9577225749CD7893C
                                                                                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                                                                                        Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-28T10:21:35.348Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.704095702702296
                                                                                                                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                                        File name:rpDOUhuBC5.exe
                                                                                                                                                                                                                                                                                                                                                                        File size:970'752 bytes
                                                                                                                                                                                                                                                                                                                                                                        MD5:1f856d82c95fcef4439c2c9d442e44f4
                                                                                                                                                                                                                                                                                                                                                                        SHA1:cb7fabe82a409e77c3d0d422117de414c08ce485
                                                                                                                                                                                                                                                                                                                                                                        SHA256:bc1a85c3048089f8730fe0c0c995fbede05597a6706be54c541add28cfe1d9af
                                                                                                                                                                                                                                                                                                                                                                        SHA512:4e646bf7f8a1dabc5a56f2502024de0399ec8b42261cb84304fb8b16a55219363c9e9f1a2af507c7111ddf845895b029ab25f1766b7eca1ccf649e9c41db66fc
                                                                                                                                                                                                                                                                                                                                                                        SSDEEP:24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8aAPg:yTvC/MTQYxsWR7aAP
                                                                                                                                                                                                                                                                                                                                                                        TLSH:2F259E0273D1C062FF9B92334B5AF6515BBC69260123E62F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                                        Icon Hash:aaf3e3e3938382a0
Entrypoint: 0x420577
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x676F2C35 [Fri Dec 27 22:37:41 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 948cc502fe9226992dce9417f952fce3
Instruction
call 00007F28147C8D83h
jmp 00007F28147C868Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F28147C886Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F28147C883Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F28147CB42Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F28147CB478h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F28147CB461h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x16580 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xeb000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x16580 | 0x16600 | d45159d884a3608e539e0b72a8b2ac27 | False | 0.7046853177374302 | data | 7.179470013468991 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xeb000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xd704 | data | | | 1.0004723493932126
RT_GROUP_ICON | 0xea000 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xea078 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xea08c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xea0a0 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xea0b4 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xea190 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
                                                                                                                                                                                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                                                                                                                                                                                        WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                                                                                                                                                                                                                                                                                                                        VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                                                                                                                                                                                                                                                                                                        WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                                                                                                                                                                                        COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                                                                                                                                                                                                                                                                                                                        MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                                                                                                                                                                                                                                                                                                                        WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                                                                                                                                                                                                                                                                                                                        PSAPI.DLLGetProcessMemoryInfo
                                                                                                                                                                                                                                                                                                                                                                        IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                                                                                                                                                                                                                                                                                                                        USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                                                                                                                                                                                                                                                                                                                        UxTheme.dllIsThemeActive
                                                                                                                                                                                                                                                                                                                                                                        KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, 
SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll: GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll: EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.193754911 CET49751443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.196365118 CET49751443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.196374893 CET4434975135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.196398973 CET44349749142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.196788073 CET4434975135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.197400093 CET44349749142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.198173046 CET49752443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.198188066 CET4434975234.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.198256969 CET49752443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.198520899 CET4434975234.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.203332901 CET44349748142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.207278967 CET49751443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.207333088 CET44349749142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.207357883 CET49751443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.207521915 CET4434975135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.207925081 CET49748443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.208830118 CET49748443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.208834887 CET49749443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.208976030 CET49751443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.209811926 CET49749443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.209887028 CET49752443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.210275888 CET49751443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.224996090 CET49748443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.225018978 CET44349748142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.225084066 CET49748443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.225217104 CET44349748142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.225703001 CET49749443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.225718021 CET44349749142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.225810051 CET49749443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.225938082 CET49748443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.225966930 CET44349749142.250.181.78192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.230405092 CET49749443192.168.2.6142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.272911072 CET4434975334.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.272986889 CET49753443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.276113033 CET49753443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.276122093 CET4434975334.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.276571035 CET4434975334.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.279000998 CET49753443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.279073000 CET49753443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.279198885 CET4434975334.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:36.279453039 CET49753443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.271115065 CET4974780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.391014099 CET804974734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.391077995 CET4974780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.429270983 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.497164011 CET49764443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.497221947 CET4434976434.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.498323917 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.509196997 CET49764443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.510590076 CET49764443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.510606050 CET4434976434.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.548779011 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.549566984 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.549755096 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.617945910 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.618084908 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.669231892 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.771759987 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:37.891283035 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:38.681643963 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:38.749285936 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:38.756865025 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:38.819787979 CET4434976434.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:38.819804907 CET4434976434.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:38.819864988 CET49764443192.168.2.634.117.188.166
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 28, 2024 09:47:38.829324961 CET  49764        443        192.168.2.6      34.117.188.166
Dec 28, 2024 09:47:38.829335928 CET  443          49764      34.117.188.166   192.168.2.6
Dec 28, 2024 09:47:38.829407930 CET  49764        443        192.168.2.6      34.117.188.166
Dec 28, 2024 09:47:38.829569101 CET  443          49764      34.117.188.166   192.168.2.6
Dec 28, 2024 09:47:38.829615116 CET  49764        443        192.168.2.6      34.117.188.166
Dec 28, 2024 09:47:38.872706890 CET  49765        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:39.402115107 CET  49763        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:39.661897898 CET  80           49763      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:39.725291014 CET  80           49763      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:39.775305986 CET  49763        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:43.263052940 CET  49765        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:43.266438007 CET  49782        443        192.168.2.6      34.107.243.93
Dec 28, 2024 09:47:43.266494036 CET  443          49782      34.107.243.93    192.168.2.6
Dec 28, 2024 09:47:43.266568899 CET  49782        443        192.168.2.6      34.107.243.93
Dec 28, 2024 09:47:43.268517971 CET  49782        443        192.168.2.6      34.107.243.93
Dec 28, 2024 09:47:43.268537045 CET  443          49782      34.107.243.93    192.168.2.6
Dec 28, 2024 09:47:43.382581949 CET  80           49765      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:43.586777925 CET  80           49765      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:43.633371115 CET  49765        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:44.529275894 CET  443          49782      34.107.243.93    192.168.2.6
Dec 28, 2024 09:47:44.529361963 CET  49782        443        192.168.2.6      34.107.243.93
Dec 28, 2024 09:47:44.535135984 CET  49782        443        192.168.2.6      34.107.243.93
Dec 28, 2024 09:47:44.535145998 CET  443          49782      34.107.243.93    192.168.2.6
Dec 28, 2024 09:47:44.535238028 CET  49782        443        192.168.2.6      34.107.243.93
Dec 28, 2024 09:47:44.535301924 CET  443          49782      34.107.243.93    192.168.2.6
Dec 28, 2024 09:47:44.535370111 CET  49782        443        192.168.2.6      34.107.243.93
Dec 28, 2024 09:47:47.127899885 CET  49788        443        192.168.2.6      35.244.181.201
Dec 28, 2024 09:47:47.127938986 CET  443          49788      35.244.181.201   192.168.2.6
Dec 28, 2024 09:47:47.128053904 CET  49788        443        192.168.2.6      35.244.181.201
Dec 28, 2024 09:47:47.128185034 CET  49788        443        192.168.2.6      35.244.181.201
Dec 28, 2024 09:47:47.128199100 CET  443          49788      35.244.181.201   192.168.2.6
Dec 28, 2024 09:47:47.306041002 CET  49763        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:47.319804907 CET  49765        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:47.425582886 CET  80           49763      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:47.439270973 CET  80           49765      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:47.449984074 CET  49791        443        192.168.2.6      34.120.208.123
Dec 28, 2024 09:47:47.450021982 CET  443          49791      34.120.208.123   192.168.2.6
Dec 28, 2024 09:47:47.450560093 CET  49791        443        192.168.2.6      34.120.208.123
Dec 28, 2024 09:47:47.452136040 CET  49791        443        192.168.2.6      34.120.208.123
Dec 28, 2024 09:47:47.452152967 CET  443          49791      34.120.208.123   192.168.2.6
Dec 28, 2024 09:47:47.629571915 CET  80           49763      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:47.643465996 CET  80           49765      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:47.685869932 CET  49765        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:47.685869932 CET  49763        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:47.793868065 CET  49763        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:47.913480997 CET  80           49763      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:47.918982029 CET  49795        443        192.168.2.6      34.149.100.209
Dec 28, 2024 09:47:47.919039011 CET  443          49795      34.149.100.209   192.168.2.6
Dec 28, 2024 09:47:47.919123888 CET  49795        443        192.168.2.6      34.149.100.209
Dec 28, 2024 09:47:47.920597076 CET  49795        443        192.168.2.6      34.149.100.209
Dec 28, 2024 09:47:47.920609951 CET  443          49795      34.149.100.209   192.168.2.6
Dec 28, 2024 09:47:48.117507935 CET  80           49763      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:48.171766996 CET  49763        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:48.385693073 CET  443          49788      35.244.181.201   192.168.2.6
Dec 28, 2024 09:47:48.385766983 CET  49788        443        192.168.2.6      35.244.181.201
Dec 28, 2024 09:47:48.641799927 CET  49788        443        192.168.2.6      35.244.181.201
Dec 28, 2024 09:47:48.641814947 CET  443          49788      35.244.181.201   192.168.2.6
Dec 28, 2024 09:47:48.642210007 CET  443          49788      35.244.181.201   192.168.2.6
Dec 28, 2024 09:47:48.644365072 CET  49788        443        192.168.2.6      35.244.181.201
Dec 28, 2024 09:47:48.644435883 CET  49788        443        192.168.2.6      35.244.181.201
Dec 28, 2024 09:47:48.644543886 CET  49788        443        192.168.2.6      35.244.181.201
Dec 28, 2024 09:47:48.667685032 CET  443          49791      34.120.208.123   192.168.2.6
Dec 28, 2024 09:47:48.667759895 CET  49791        443        192.168.2.6      34.120.208.123
Dec 28, 2024 09:47:48.672229052 CET  49791        443        192.168.2.6      34.120.208.123
Dec 28, 2024 09:47:48.672235966 CET  443          49791      34.120.208.123   192.168.2.6
Dec 28, 2024 09:47:48.672323942 CET  49791        443        192.168.2.6      34.120.208.123
Dec 28, 2024 09:47:48.672399998 CET  443          49791      34.120.208.123   192.168.2.6
Dec 28, 2024 09:47:48.672472954 CET  49791        443        192.168.2.6      34.120.208.123
Dec 28, 2024 09:47:48.979403019 CET  49765        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:49.099050045 CET  80           49765      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:49.184036970 CET  443          49795      34.149.100.209   192.168.2.6
Dec 28, 2024 09:47:49.184125900 CET  49795        443        192.168.2.6      34.149.100.209
Dec 28, 2024 09:47:49.303734064 CET  80           49765      34.107.221.82    192.168.2.6
Dec 28, 2024 09:47:49.345766068 CET  49795        443        192.168.2.6      34.149.100.209
Dec 28, 2024 09:47:49.345794916 CET  443          49795      34.149.100.209   192.168.2.6
Dec 28, 2024 09:47:49.345875025 CET  49795        443        192.168.2.6      34.149.100.209
Dec 28, 2024 09:47:49.346082926 CET  443          49795      34.149.100.209   192.168.2.6
Dec 28, 2024 09:47:49.346295118 CET  49796        443        192.168.2.6      34.149.100.209
Dec 28, 2024 09:47:49.346337080 CET  443          49796      34.149.100.209   192.168.2.6
Dec 28, 2024 09:47:49.347155094 CET  49795        443        192.168.2.6      34.149.100.209
Dec 28, 2024 09:47:49.347230911 CET  49796        443        192.168.2.6      34.149.100.209
Dec 28, 2024 09:47:49.348619938 CET  49796        443        192.168.2.6      34.149.100.209
Dec 28, 2024 09:47:49.348634958 CET  443          49796      34.149.100.209   192.168.2.6
Dec 28, 2024 09:47:49.353085041 CET  49765        80         192.168.2.6      34.107.221.82
Dec 28, 2024 09:47:49.483525038 CET  49797        443        192.168.2.6      34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.483558893 CET4434979734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.483683109 CET49797443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.485171080 CET49797443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.485184908 CET4434979734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.496411085 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.616056919 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.820967913 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.877130985 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:50.651770115 CET4434979634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:50.651849985 CET49796443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:50.750219107 CET4434979734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:50.750305891 CET49797443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.128914118 CET49796443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.128947020 CET4434979634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.129013062 CET49796443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.129237890 CET4434979634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.129431963 CET49797443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.129462957 CET4434979734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.129491091 CET49797443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.129698992 CET4434979734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.132817030 CET49796443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.132826090 CET49797443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.724349976 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.775837898 CET49809443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.775877953 CET4434980934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.779418945 CET49809443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.780869007 CET49809443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.780886889 CET4434980934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.843852043 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.864396095 CET49810443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.864439964 CET4434981034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.865183115 CET49810443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.866750002 CET49810443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.866766930 CET4434981034.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.917001009 CET49811443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.917056084 CET4434981134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.917090893 CET49812443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.917133093 CET4434981234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.917169094 CET49811443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.917320013 CET49811443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.917335987 CET4434981134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.917417049 CET49812443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.917489052 CET49812443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.917505980 CET4434981234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.048139095 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.052798986 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.091453075 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.172271967 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.376282930 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.438105106 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.991481066 CET4434980934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.994452000 CET49809443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.056844950 CET49809443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.056865931 CET4434980934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.056956053 CET49809443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.057218075 CET4434980934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.057271004 CET49809443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.127954960 CET4434981234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.128546953 CET49812443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.131319046 CET49812443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.131328106 CET4434981234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.131589890 CET4434981234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.134202957 CET49812443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.134289980 CET49812443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.134371996 CET4434981234.120.208.123192.168.2.6
Dec 28, 2024 09:47:55.134462118 CET  49812  443  192.168.2.6  34.120.208.123
Dec 28, 2024 09:47:55.171015978 CET  443  49810  34.107.243.93  192.168.2.6
Dec 28, 2024 09:47:55.171161890 CET  49810  443  192.168.2.6  34.107.243.93
Dec 28, 2024 09:47:55.174309969 CET  443  49811  34.120.208.123  192.168.2.6
Dec 28, 2024 09:47:55.174385071 CET  49811  443  192.168.2.6  34.120.208.123
Dec 28, 2024 09:47:55.177078962 CET  49811  443  192.168.2.6  34.120.208.123
Dec 28, 2024 09:47:55.177088022 CET  443  49811  34.120.208.123  192.168.2.6
Dec 28, 2024 09:47:55.177330971 CET  443  49811  34.120.208.123  192.168.2.6
Dec 28, 2024 09:47:55.177654028 CET  49810  443  192.168.2.6  34.107.243.93
Dec 28, 2024 09:47:55.177669048 CET  443  49810  34.107.243.93  192.168.2.6
Dec 28, 2024 09:47:55.177737951 CET  49810  443  192.168.2.6  34.107.243.93
Dec 28, 2024 09:47:55.177850008 CET  443  49810  34.107.243.93  192.168.2.6
Dec 28, 2024 09:47:55.178200006 CET  49810  443  192.168.2.6  34.107.243.93
Dec 28, 2024 09:47:55.179723024 CET  49811  443  192.168.2.6  34.120.208.123
Dec 28, 2024 09:47:55.179800987 CET  49811  443  192.168.2.6  34.120.208.123
Dec 28, 2024 09:47:55.179867029 CET  443  49811  34.120.208.123  192.168.2.6
Dec 28, 2024 09:47:55.179970026 CET  49811  443  192.168.2.6  34.120.208.123
Dec 28, 2024 09:47:55.593967915 CET  49765  80  192.168.2.6  34.107.221.82
Dec 28, 2024 09:47:55.713489056 CET  80  49765  34.107.221.82  192.168.2.6
Dec 28, 2024 09:47:55.918442011 CET  80  49765  34.107.221.82  192.168.2.6
Dec 28, 2024 09:47:55.922461033 CET  49763  80  192.168.2.6  34.107.221.82
Dec 28, 2024 09:47:55.962455034 CET  49765  80  192.168.2.6  34.107.221.82
Dec 28, 2024 09:47:56.041951895 CET  80  49763  34.107.221.82  192.168.2.6
Dec 28, 2024 09:47:56.245796919 CET  80  49763  34.107.221.82  192.168.2.6
Dec 28, 2024 09:47:56.294718027 CET  49763  80  192.168.2.6  34.107.221.82
Dec 28, 2024 09:48:00.655384064 CET  49831  443  192.168.2.6  34.149.100.209
Dec 28, 2024 09:48:00.655424118 CET  443  49831  34.149.100.209  192.168.2.6
Dec 28, 2024 09:48:00.657978058 CET  49831  443  192.168.2.6  34.149.100.209
Dec 28, 2024 09:48:00.658129930 CET  49831  443  192.168.2.6  34.149.100.209
Dec 28, 2024 09:48:00.658143997 CET  443  49831  34.149.100.209  192.168.2.6
Dec 28, 2024 09:48:00.716064930 CET  49833  443  192.168.2.6  35.190.72.216
Dec 28, 2024 09:48:00.716128111 CET  443  49833  35.190.72.216  192.168.2.6
Dec 28, 2024 09:48:00.717060089 CET  49833  443  192.168.2.6  35.190.72.216
Dec 28, 2024 09:48:00.719566107 CET  49833  443  192.168.2.6  35.190.72.216
Dec 28, 2024 09:48:00.719577074 CET  443  49833  35.190.72.216  192.168.2.6
Dec 28, 2024 09:48:00.858506918 CET  49836  443  192.168.2.6  35.201.103.21
Dec 28, 2024 09:48:00.858549118 CET  443  49836  35.201.103.21  192.168.2.6
Dec 28, 2024 09:48:00.859097958 CET  49836  443  192.168.2.6  35.201.103.21
Dec 28, 2024 09:48:00.860445023 CET  49836  443  192.168.2.6  35.201.103.21
Dec 28, 2024 09:48:00.860465050 CET  443  49836  35.201.103.21  192.168.2.6
Dec 28, 2024 09:48:00.863020897 CET  49837  443  192.168.2.6  151.101.129.91
Dec 28, 2024 09:48:00.863063097 CET  443  49837  151.101.129.91  192.168.2.6
Dec 28, 2024 09:48:00.863488913 CET  49837  443  192.168.2.6  151.101.129.91
Dec 28, 2024 09:48:00.863596916 CET  49837  443  192.168.2.6  151.101.129.91
Dec 28, 2024 09:48:00.863610029 CET  443  49837  151.101.129.91  192.168.2.6
Dec 28, 2024 09:48:01.042785883 CET  49841  443  192.168.2.6  35.244.181.201
Dec 28, 2024 09:48:01.042834997 CET  443  49841  35.244.181.201  192.168.2.6
Dec 28, 2024 09:48:01.042898893 CET  49841  443  192.168.2.6  35.244.181.201
Dec 28, 2024 09:48:01.043029070 CET  49841  443  192.168.2.6  35.244.181.201
Dec 28, 2024 09:48:01.043041945 CET  443  49841  35.244.181.201  192.168.2.6
Dec 28, 2024 09:48:01.914760113 CET  443  49831  34.149.100.209  192.168.2.6
Dec 28, 2024 09:48:01.914853096 CET  49831  443  192.168.2.6  34.149.100.209
Dec 28, 2024 09:48:01.918464899 CET  49831  443  192.168.2.6  34.149.100.209
Dec 28, 2024 09:48:01.918474913 CET  443  49831  34.149.100.209  192.168.2.6
Dec 28, 2024 09:48:01.918862104 CET  443  49831  34.149.100.209  192.168.2.6
Dec 28, 2024 09:48:01.921514034 CET  49831  443  192.168.2.6  34.149.100.209
Dec 28, 2024 09:48:01.921626091 CET  49831  443  192.168.2.6  34.149.100.209
Dec 28, 2024 09:48:01.921681881 CET  443  49831  34.149.100.209  192.168.2.6
Dec 28, 2024 09:48:01.921823025 CET  49831  443  192.168.2.6  34.149.100.209
Dec 28, 2024 09:48:01.943355083 CET  49765  80  192.168.2.6  34.107.221.82
Dec 28, 2024 09:48:01.975295067 CET  443  49833  35.190.72.216  192.168.2.6
Dec 28, 2024 09:48:01.975394011 CET  49833  443  192.168.2.6  35.190.72.216
Dec 28, 2024 09:48:01.979080915 CET  49833  443  192.168.2.6  35.190.72.216
Dec 28, 2024 09:48:01.979101896 CET  443  49833  35.190.72.216  192.168.2.6
Dec 28, 2024 09:48:01.979190111 CET  49833  443  192.168.2.6  35.190.72.216
Dec 28, 2024 09:48:01.979273081 CET  443  49833  35.190.72.216  192.168.2.6
Dec 28, 2024 09:48:01.980166912 CET  49833  443  192.168.2.6  35.190.72.216
Dec 28, 2024 09:48:02.062952042 CET  80  49765  34.107.221.82  192.168.2.6
Dec 28, 2024 09:48:02.120120049 CET  443  49836  35.201.103.21  192.168.2.6
Dec 28, 2024 09:48:02.120219946 CET  49836  443  192.168.2.6  35.201.103.21
Dec 28, 2024 09:48:02.122798920 CET  443  49837  151.101.129.91  192.168.2.6
Dec 28, 2024 09:48:02.122896910 CET  49837  443  192.168.2.6  151.101.129.91
Dec 28, 2024 09:48:02.125761032 CET  49837  443  192.168.2.6  151.101.129.91
Dec 28, 2024 09:48:02.125771046 CET  443  49837  151.101.129.91  192.168.2.6
Dec 28, 2024 09:48:02.126017094 CET  443  49837  151.101.129.91  192.168.2.6
Dec 28, 2024 09:48:02.128853083 CET  49836  443  192.168.2.6  35.201.103.21
Dec 28, 2024 09:48:02.128870010 CET  443  49836  35.201.103.21  192.168.2.6
Dec 28, 2024 09:48:02.129019022 CET  49836  443  192.168.2.6  35.201.103.21
Dec 28, 2024 09:48:02.129071951 CET  443  49836  35.201.103.21  192.168.2.6
Dec 28, 2024 09:48:02.129515886 CET  49837  443  192.168.2.6  151.101.129.91
Dec 28, 2024 09:48:02.129566908 CET  49837  443  192.168.2.6  151.101.129.91
Dec 28, 2024 09:48:02.129674911 CET  443  49837  151.101.129.91  192.168.2.6
Dec 28, 2024 09:48:02.134263039 CET  49836  443  192.168.2.6  35.201.103.21
Dec 28, 2024 09:48:02.134285927 CET  49837  443  192.168.2.6  151.101.129.91
Dec 28, 2024 09:48:02.137985945 CET  49842  443  192.168.2.6  35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.138025045 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.140084982 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.140114069 CET4434984335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.140718937 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.140872002 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.140875101 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.140883923 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.140991926 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.141002893 CET4434984335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.142781973 CET49844443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.142818928 CET4434984435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.144823074 CET49844443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.144973040 CET49844443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.144989014 CET4434984435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.149754047 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.149781942 CET4434984534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.149882078 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.149996042 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.150012016 CET4434984534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.252785921 CET4434984135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.252872944 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.255997896 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.256006002 CET4434984135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.256264925 CET4434984135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.259110928 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.259233952 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.259279013 CET4434984135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.259408951 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.266875029 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.269875050 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.319192886 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.389333010 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.593204975 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:02.635682106 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.350714922 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.350810051 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.353959084 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.353976011 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.354226112 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.357268095 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.357382059 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.357438087 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.357559919 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.361567020 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.401434898 CET4434984435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.401536942 CET49844443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.404628992 CET49844443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.404640913 CET4434984435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.405004025 CET4434984435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.405606031 CET4434984534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.405692101 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.408577919 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.408591032 CET4434984534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.408971071 CET4434984534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.411432981 CET49844443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.411660910 CET49844443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.411739111 CET4434984435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.412017107 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.412066936 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.412224054 CET49844443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.412256956 CET4434984534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.412525892 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.443730116 CET4434984335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.452104092 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:03.455364943 CET49843443192.168.2.635.244.181.201
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Dec 28, 2024 09:48:03.455388069 CET  443          49843      35.244.181.201  192.168.2.6
Dec 28, 2024 09:48:03.455703020 CET  443          49843      35.244.181.201  192.168.2.6
Dec 28, 2024 09:48:03.462615967 CET  49843        443        192.168.2.6     35.244.181.201
Dec 28, 2024 09:48:03.462724924 CET  49843        443        192.168.2.6     35.244.181.201
Dec 28, 2024 09:48:03.462829113 CET  443          49843      35.244.181.201  192.168.2.6
Dec 28, 2024 09:48:03.465651035 CET  49843        443        192.168.2.6     35.244.181.201
Dec 28, 2024 09:48:03.481070995 CET  80           49765      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:03.685420036 CET  80           49765      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:03.688587904 CET  49763        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:03.738928080 CET  49765        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:03.808206081 CET  80           49763      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:04.011917114 CET  80           49763      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:04.055422068 CET  49763        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:05.742561102 CET  49857        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:05.742618084 CET  443          49857      34.107.243.93   192.168.2.6
Dec 28, 2024 09:48:05.743359089 CET  49857        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:05.744961977 CET  49857        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:05.744993925 CET  443          49857      34.107.243.93   192.168.2.6
Dec 28, 2024 09:48:07.000924110 CET  443          49857      34.107.243.93   192.168.2.6
Dec 28, 2024 09:48:07.001003027 CET  49857        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:07.005772114 CET  49857        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:07.005779028 CET  443          49857      34.107.243.93   192.168.2.6
Dec 28, 2024 09:48:07.005903959 CET  49857        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:07.005958080 CET  443          49857      34.107.243.93   192.168.2.6
Dec 28, 2024 09:48:07.007499933 CET  49857        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:07.009629011 CET  49765        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:07.129117012 CET  80           49765      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:07.338013887 CET  80           49765      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:07.343785048 CET  49763        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:07.387392998 CET  49765        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:07.463278055 CET  80           49763      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:07.667272091 CET  80           49763      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:07.719538927 CET  49763        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:17.346991062 CET  49765        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:17.466552019 CET  80           49765      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:17.679266930 CET  49763        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:17.798758030 CET  80           49763      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:27.249449968 CET  49904        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:27.249476910 CET  443          49904      34.107.243.93   192.168.2.6
Dec 28, 2024 09:48:27.254403114 CET  49904        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:27.256128073 CET  49904        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:27.256139994 CET  443          49904      34.107.243.93   192.168.2.6
Dec 28, 2024 09:48:27.477117062 CET  49765        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:27.596554041 CET  80           49765      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:27.809257030 CET  49763        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:27.928715944 CET  80           49763      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:28.559276104 CET  443          49904      34.107.243.93   192.168.2.6
Dec 28, 2024 09:48:28.559597969 CET  49904        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:28.563581944 CET  49904        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:28.563590050 CET  443          49904      34.107.243.93   192.168.2.6
Dec 28, 2024 09:48:28.563746929 CET  49904        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:28.563797951 CET  443          49904      34.107.243.93   192.168.2.6
Dec 28, 2024 09:48:28.564728022 CET  49904        443        192.168.2.6     34.107.243.93
Dec 28, 2024 09:48:28.566797972 CET  49765        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:28.855007887 CET  80           49765      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:28.963392973 CET  80           49765      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:28.966725111 CET  49763        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:29.012820005 CET  49765        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:29.086205959 CET  80           49763      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:29.290007114 CET  80           49763      34.107.221.82   192.168.2.6
Dec 28, 2024 09:48:29.344954014 CET  49763        80         192.168.2.6     34.107.221.82
Dec 28, 2024 09:48:31.280782938 CET  49914        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.280821085 CET  443          49914      34.120.208.123  192.168.2.6
Dec 28, 2024 09:48:31.281052113 CET  49915        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.281096935 CET  443          49915      34.120.208.123  192.168.2.6
Dec 28, 2024 09:48:31.281364918 CET  49916        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.281399012 CET  443          49916      34.120.208.123  192.168.2.6
Dec 28, 2024 09:48:31.281500101 CET  49917        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.281527042 CET  443          49917      34.120.208.123  192.168.2.6
Dec 28, 2024 09:48:31.281626940 CET  49918        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.281637907 CET  443          49918      34.120.208.123  192.168.2.6
Dec 28, 2024 09:48:31.281753063 CET  49919        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.281764030 CET  443          49919      34.120.208.123  192.168.2.6
Dec 28, 2024 09:48:31.281991005 CET  49914        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.282006979 CET  49916        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.282006979 CET  49915        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.282033920 CET  49918        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.282041073 CET  49917        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.282041073 CET  49919        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.282170057 CET  49914        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.282187939 CET  443          49914      34.120.208.123  192.168.2.6
Dec 28, 2024 09:48:31.282325029 CET  49915        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.282341957 CET  443          49915      34.120.208.123  192.168.2.6
Dec 28, 2024 09:48:31.282387018 CET  49919        443        192.168.2.6     34.120.208.123
Dec 28, 2024 09:48:31.282403946 CET  443          49919      34.120.208.123  192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:31.282443047 CET49918443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:31.282455921 CET4434991834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:31.282502890 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:31.282515049 CET4434991734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:31.282556057 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:31.282566071 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.494801998 CET4434991434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.495301962 CET4434991934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.496011972 CET4434991734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.496129990 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.497410059 CET49914443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.497411013 CET49919443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.497411013 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.498012066 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.500998020 CET49914443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.501030922 CET4434991434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.501358986 CET4434991434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.503675938 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.503700972 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.503999949 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.505914927 CET49919443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.505928040 CET4434991934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.506228924 CET4434991934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.508274078 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.508291006 CET4434991734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.508565903 CET4434991734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.513602018 CET49914443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.513607025 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.513907909 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.513907909 CET4434991434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.513978004 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.513986111 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.514142036 CET49919443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.514168024 CET49914443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.514193058 CET4434991434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.514307976 CET49919443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.514343023 CET4434991934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.514976978 CET49924443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.515018940 CET4434992434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.515152931 CET49925443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.515212059 CET4434992534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.515496969 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.515569925 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.515661955 CET4434991734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.518906116 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.518923998 CET49919443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519253969 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519282103 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519292116 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519306898 CET49919443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519357920 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519361019 CET49924443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519552946 CET49925443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519556046 CET49924443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519566059 CET4434992434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519639969 CET49925443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.519658089 CET4434992534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.527523994 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.540414095 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.543490887 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.546916008 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.546927929 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.547171116 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.549179077 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.549349070 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:30.515450954 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:30.635035992 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:30.847682953 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:30.967165947 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:40.645745039 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:40.765336990 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:40.977904081 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:41.097457886 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:50.775732994 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:50.895613909 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:51.107805014 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:51.227370977 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:00.906137943 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:01.025743961 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:01.238270998 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:01.357914925 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:11.036138058 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:11.155719995 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:11.368298054 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:11.487862110 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:21.168829918 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:21.288412094 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:21.491803885 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:21.611624002 CET804976334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:31.297372103 CET4976580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:31.417251110 CET804976534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:31.613866091 CET4976380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:50:31.733603954 CET804976334.107.221.82192.168.2.6
Timestamp                            Source Port  Dest Port  Source IP      Dest IP
Dec 28, 2024 09:47:32.609343052 CET  56040        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:32.752172947 CET  53           56040      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:32.755913019 CET  53053        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:32.894933939 CET  53           53053      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:33.861370087 CET  49575        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:33.861660004 CET  53412        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.356372118 CET  60761        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.446687937 CET  50169        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.446765900 CET  53           53412      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:34.448329926 CET  57992        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.494563103 CET  63144        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.496226072 CET  53           60761      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:34.496872902 CET  57501        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.586607933 CET  53           50169      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:34.588443041 CET  53           57992      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:34.589373112 CET  51018        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.590675116 CET  53992        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.625412941 CET  59594        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.634243011 CET  53           63144      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:34.636368036 CET  53           57501      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:34.639815092 CET  49535        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.735549927 CET  62788        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.987386942 CET  53           51018      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:34.987410069 CET  53           53992      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:34.988312006 CET  57593        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:34.988749027 CET  58386        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:35.007191896 CET  53           49535      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:35.007797956 CET  57382        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:35.008053064 CET  53           59594      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:35.129343033 CET  53           58386      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:35.130496025 CET  57373        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:35.133609056 CET  53           57593      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:35.134193897 CET  53374        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:35.147476912 CET  53           57382      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:35.269670010 CET  53           57373      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:35.272926092 CET  53           53374      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:35.274105072 CET  61901        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:35.413563013 CET  53           61901      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:35.588752985 CET  53           50978      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:37.168031931 CET  58866        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:37.168493032 CET  60130        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:37.285729885 CET  62519        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:37.307964087 CET  53           60130      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:37.307977915 CET  53           58866      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:38.707947016 CET  59423        53         192.168.2.6    1.1.1.1
Dec 28, 2024 09:47:38.847347975 CET  53           59423      1.1.1.1        192.168.2.6
Dec 28, 2024 09:47:38.851304054 CET  64110        53         192.168.2.6    1.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:38.991388083 CET53641101.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:38.992898941 CET6231153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:39.131988049 CET53623111.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:43.265688896 CET6043453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:43.278795004 CET4926253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:43.417561054 CET53492621.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:43.420133114 CET4948953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:43.559528112 CET53494891.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:43.560291052 CET5797953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:43.699292898 CET53579791.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:46.542351961 CET6399553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:46.686743021 CET53639951.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.307774067 CET4972953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.450171947 CET4999053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.589548111 CET53499901.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.590600014 CET5746853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.730098963 CET53574681.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.778116941 CET6532453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.917686939 CET53653241.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.919176102 CET6488453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:48.060659885 CET53648841.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:48.061459064 CET5058653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:48.200911999 CET53505861.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.776813984 CET6213553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.867381096 CET5549953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:53.916094065 CET53621351.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.006748915 CET53554991.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.762748003 CET5082353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.763088942 CET4916853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.763154984 CET5895753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET53508231.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902765036 CET53589571.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902937889 CET4924253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.903476000 CET5452353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.908586979 CET53491681.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.909424067 CET5935453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET53492421.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.043117046 CET53545231.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.047816992 CET5727053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.048132896 CET5586253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.048751116 CET53593541.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.049200058 CET5069353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.186885118 CET53572701.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.187602997 CET53558621.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.188388109 CET5766553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.189100981 CET6169253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.189141035 CET53506931.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.328516960 CET53576651.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.328789949 CET53616921.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.329729080 CET5917753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.330343962 CET6048753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.471021891 CET53604871.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.472045898 CET5834453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.531339884 CET53591771.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.532320976 CET6499353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.611408949 CET53583441.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.743957043 CET53649931.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.650528908 CET4970653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.716953039 CET5955353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.857470036 CET53595531.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.858932018 CET5091253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.862272978 CET53497061.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.864043951 CET6084453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.999496937 CET53509121.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:01.003556013 CET6154553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:01.006673098 CET53608441.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:01.007239103 CET6445653192.168.2.61.1.1.1
Dec 28, 2024 09:48:01.042566061 CET | 54176 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:48:01.143413067 CET | 53 | 61545 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:48:01.184313059 CET | 53 | 54176 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:48:01.185065985 CET | 58517 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:48:01.215434074 CET | 53 | 64456 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:48:01.324135065 CET | 53 | 58517 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:48:05.601059914 CET | 61386 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:48:05.741489887 CET | 53 | 61386 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:48:05.742939949 CET | 53094 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:48:05.882282972 CET | 53 | 53094 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:48:27.249320984 CET | 52713 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:48:27.389106989 CET | 53 | 52713 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:48:27.556150913 CET | 49807 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:48:27.696166039 CET | 53 | 49807 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:48:31.277678967 CET | 55500 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:48:31.416812897 CET | 53 | 55500 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:49:08.694514036 CET | 64765 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:49:08.833854914 CET | 53 | 64765 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:49:08.835282087 CET | 61081 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:49:08.974658012 CET | 53 | 61081 | 1.1.1.1 | 192.168.2.6
Dec 28, 2024 09:49:10.057368994 CET | 58112 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:49:10.381822109 CET | 49835 | 53 | 192.168.2.6 | 1.1.1.1
Dec 28, 2024 09:49:10.522099018 CET | 53 | 49835 | 1.1.1.1 | 192.168.2.6
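The DNS Queries table that follows is what a triager actually reads in this section, and in the text export of a Joe Sandbox report its columns arrive run together with no separator. The script below is an added example, not part of the Joe Sandbox report and not code from the sample: it parses rows in that flattened form, splitting the fused source and destination IPs by forcing the regex to backtrack against the 0x-prefixed transaction ID, and then separates the names Firefox contacts on its own from everything else the sample caused the browser to resolve. The sample rows are copied from the table below; the BROWSER_BASELINE list of Mozilla/Firefox service domains is an assumption about sandbox browser background traffic, not something the report states.

```python
import re
from collections import Counter

# Rows copied from the DNS Queries table of this report, in the flattened form the
# text export uses (every column run together with no separator).
SAMPLE_ROWS = """\
Dec 28, 2024 09:47:32.609343052 CET192.168.2.61.1.1.10xe50aStandard query (0)prod.classify-client.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
Dec 28, 2024 09:47:32.755913019 CET192.168.2.61.1.1.10x606cStandard query (0)prod.classify-client.prod.webservices.mozgcp.net28IN (0x0001)false
Dec 28, 2024 09:47:33.861370087 CET192.168.2.61.1.1.10x4ebStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Dec 28, 2024 09:47:33.861660004 CET192.168.2.61.1.1.10xa368Standard query (0)youtube.comA (IP address)IN (0x0001)false
Dec 28, 2024 09:47:34.589373112 CET192.168.2.61.1.1.10x7d04Standard query (0)youtube.com28IN (0x0001)false
Dec 28, 2024 09:47:37.168493032 CET192.168.2.61.1.1.10x3c3dStandard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
Dec 28, 2024 09:47:55.763088942 CET192.168.2.61.1.1.10x1391Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
Dec 28, 2024 09:47:55.763154984 CET192.168.2.61.1.1.10x65c4Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
Dec 28, 2024 09:47:56.188388109 CET192.168.2.61.1.1.10x177dStandard query (0)www.reddit.comA (IP address)IN (0x0001)false
Dec 28, 2024 09:47:56.189100981 CET192.168.2.61.1.1.10xb633Standard query (0)twitter.comA (IP address)IN (0x0001)false
"""

# Column layout of a flattened row. The two IPv4 addresses are glued together
# ("192.168.2.61.1.1.1"); the only reliable way to split them is to insist that the
# 0x-prefixed transaction ID follows, and let the regex engine backtrack to the split
# that satisfies it.
ROW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]+)"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?P<txid>0x[0-9a-f]+)"
    r"(?P<op>Standard query \(\d+\))"
    r"(?P<name>.+?)"                      # lazy: stops where the Type column begins
    r"(?P<rtype>A \(IP address\)|28)"     # Joe Sandbox prints AAAA as its type number, 28
    r"(?P<cls>IN \(0x0001\))"
    r"(?P<doh>true|false)$"
)

# Assumed baseline (not stated by the report): names Firefox contacts on its own at
# startup in the sandbox, i.e. Mozilla services plus its captive-portal and NAT64 probes.
BROWSER_BASELINE = (
    "mozilla.com", "mozilla.org", "mozilla.net", "mozgcp.net",
    "firefox.com", "getpocket.com", "example.org", "ipv4only.arpa",
)


def parse_dns_rows(text):
    """Split flattened DNS Queries rows into dicts; raise on any row that does not fit."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append(m.groupdict())
    return rows


def is_baseline(name):
    """True if the name is one of the assumed browser-background domains or under one."""
    return any(name == s or name.endswith("." + s) for s in BROWSER_BASELINE)


def summarize(rows):
    """Counts per record type, resolvers used, and the names outside the browser baseline."""
    types = Counter(r["rtype"] for r in rows)
    names = sorted({r["name"] for r in rows})
    return {
        "queries": len(rows),
        "a": types["A (IP address)"],
        "aaaa": types["28"],
        "resolvers": sorted({r["dst"] for r in rows}),
        "doh_used": any(r["doh"] == "true" for r in rows),
        "names": names,
        "non_baseline": [n for n in names if not is_baseline(n)],
    }


if __name__ == "__main__":
    report = summarize(parse_dns_rows(SAMPLE_ROWS))
    print(f"{report['queries']} queries ({report['a']} A, {report['aaaa']} AAAA) "
          f"to {', '.join(report['resolvers'])}, DoH={report['doh_used']}")
    for name in report["non_baseline"]:
        print("outside browser baseline:", name)
```

The parser deliberately raises on a row it cannot split rather than guessing: the fused-IP split is only safe because the transaction ID anchors it, and a row from a report with a different resolver or an unexpected record type should be looked at by hand, not silently dropped. Note also that the UDP packet rows above cannot be split this way, since a fused "5417653192..." has no such anchor between the two ports; for those, pairing each request with the reply that carries the same port is what resolves the ambiguity.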
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 28, 2024 09:47:32.609343052 CET | 192.168.2.6 | 1.1.1.1 | 0xe50a | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:32.755913019 CET | 192.168.2.6 | 1.1.1.1 | 0x606c | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:33.861370087 CET | 192.168.2.6 | 1.1.1.1 | 0x4eb | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:33.861660004 CET | 192.168.2.6 | 1.1.1.1 | 0xa368 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.356372118 CET | 192.168.2.6 | 1.1.1.1 | 0xecf4 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.446687937 CET | 192.168.2.6 | 1.1.1.1 | 0xebd9 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.448329926 CET | 192.168.2.6 | 1.1.1.1 | 0x3fc4 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.494563103 CET | 192.168.2.6 | 1.1.1.1 | 0x2049 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.496872902 CET | 192.168.2.6 | 1.1.1.1 | 0xde49 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:34.589373112 CET | 192.168.2.6 | 1.1.1.1 | 0x7d04 | Standard query (0) | youtube.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:34.590675116 CET | 192.168.2.6 | 1.1.1.1 | 0xfc48 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.625412941 CET | 192.168.2.6 | 1.1.1.1 | 0x2762 | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.639815092 CET | 192.168.2.6 | 1.1.1.1 | 0x54d9 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.735549927 CET | 192.168.2.6 | 1.1.1.1 | 0x865e | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.988312006 CET | 192.168.2.6 | 1.1.1.1 | 0x2d66 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.988749027 CET | 192.168.2.6 | 1.1.1.1 | 0xb97b | Standard query (0) | contile.services.mozilla.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:35.007797956 CET | 192.168.2.6 | 1.1.1.1 | 0x9621 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:35.130496025 CET | 192.168.2.6 | 1.1.1.1 | 0xe800 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:35.134193897 CET | 192.168.2.6 | 1.1.1.1 | 0x923e | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:35.274105072 CET | 192.168.2.6 | 1.1.1.1 | 0x97da | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:37.168031931 CET | 192.168.2.6 | 1.1.1.1 | 0x32c5 | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:37.168493032 CET | 192.168.2.6 | 1.1.1.1 | 0x3c3d | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:37.285729885 CET | 192.168.2.6 | 1.1.1.1 | 0xeb4d | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:38.707947016 CET | 192.168.2.6 | 1.1.1.1 | 0x92a3 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:38.851304054 CET | 192.168.2.6 | 1.1.1.1 | 0x6cb9 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:38.992898941 CET | 192.168.2.6 | 1.1.1.1 | 0x459d | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:43.265688896 CET | 192.168.2.6 | 1.1.1.1 | 0x56b | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:43.278795004 CET | 192.168.2.6 | 1.1.1.1 | 0xda86 | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:43.420133114 CET | 192.168.2.6 | 1.1.1.1 | 0x3eed | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:43.560291052 CET | 192.168.2.6 | 1.1.1.1 | 0x17b9 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:46.542351961 CET | 192.168.2.6 | 1.1.1.1 | 0x4171 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:47.307774067 CET | 192.168.2.6 | 1.1.1.1 | 0x8fb6 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:47.450171947 CET | 192.168.2.6 | 1.1.1.1 | 0xb2a | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:47.590600014 CET | 192.168.2.6 | 1.1.1.1 | 0xb79b | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:47.778116941 CET | 192.168.2.6 | 1.1.1.1 | 0x414d | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:47.919176102 CET | 192.168.2.6 | 1.1.1.1 | 0x4fe0 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:48.061459064 CET | 192.168.2.6 | 1.1.1.1 | 0x81a0 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:53.776813984 CET | 192.168.2.6 | 1.1.1.1 | 0x22c7 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:53.867381096 CET | 192.168.2.6 | 1.1.1.1 | 0x1a02 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:55.762748003 CET | 192.168.2.6 | 1.1.1.1 | 0x1394 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:55.763088942 CET | 192.168.2.6 | 1.1.1.1 | 0x1391 | Standard query (0) | www.wikipedia.org | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:55.763154984 CET | 192.168.2.6 | 1.1.1.1 | 0x65c4 | Standard query (0) | www.facebook.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:55.902937889 CET | 192.168.2.6 | 1.1.1.1 | 0x4173 | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:55.903476000 CET | 192.168.2.6 | 1.1.1.1 | 0x5052 | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:55.909424067 CET | 192.168.2.6 | 1.1.1.1 | 0xd633 | Standard query (0) | dyna.wikimedia.org | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:56.047816992 CET | 192.168.2.6 | 1.1.1.1 | 0x947d | Standard query (0) | youtube-ui.l.google.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:56.048132896 CET | 192.168.2.6 | 1.1.1.1 | 0xd31d | Standard query (0) | star-mini.c10r.facebook.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:56.049200058 CET | 192.168.2.6 | 1.1.1.1 | 0xf0de | Standard query (0) | dyna.wikimedia.org | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:56.188388109 CET | 192.168.2.6 | 1.1.1.1 | 0x177d | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:56.189100981 CET | 192.168.2.6 | 1.1.1.1 | 0xb633 | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:56.329729080 CET | 192.168.2.6 | 1.1.1.1 | 0x6e5c | Standard query (0) | reddit.map.fastly.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:56.330343962 CET | 192.168.2.6 | 1.1.1.1 | 0xd3db | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:56.472045898 CET | 192.168.2.6 | 1.1.1.1 | 0xf95 | Standard query (0) | twitter.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:47:56.532320976 CET | 192.168.2.6 | 1.1.1.1 | 0x4ca | Standard query (0) | reddit.map.fastly.net | 28 | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.650528908 CET192.168.2.61.1.1.10x9506Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.716953039 CET192.168.2.61.1.1.10xbed1Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.858932018 CET192.168.2.61.1.1.10xd444Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.864043951 CET192.168.2.61.1.1.10x1849Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:01.003556013 CET192.168.2.61.1.1.10xa0f0Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:01.007239103 CET192.168.2.61.1.1.10x4209Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:01.042566061 CET192.168.2.61.1.1.10x26caStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:01.185065985 CET192.168.2.61.1.1.10xb9dcStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:05.601059914 CET192.168.2.61.1.1.10x497eStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:05.742939949 CET192.168.2.61.1.1.10x95d4Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:27.249320984 CET192.168.2.61.1.1.10x1bffStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:27.556150913 CET192.168.2.61.1.1.10x97d8Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:31.277678967 CET192.168.2.61.1.1.10xc553Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:08.694514036 CET192.168.2.61.1.1.10x85eeStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:08.835282087 CET192.168.2.61.1.1.10xa53cStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:10.057368994 CET192.168.2.61.1.1.10x6a68Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:10.381822109 CET192.168.2.61.1.1.10x6130Standard query (0)example.orgA (IP address)IN (0x0001)false
DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 28, 2024 09:47:18.128035069 CET | 1.1.1.1 | 192.168.2.6 | 0xd1bb | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:18.128035069 CET | 1.1.1.1 | 192.168.2.6 | 0xd1bb | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:32.590221882 CET | 1.1.1.1 | 192.168.2.6 | 0xf790 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:32.752172947 CET | 1.1.1.1 | 192.168.2.6 | 0xe50a | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.354407072 CET | 1.1.1.1 | 192.168.2.6 | 0x4eb | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:34.354407072 CET | 1.1.1.1 | 192.168.2.6 | 0x4eb | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.446765900 CET | 1.1.1.1 | 192.168.2.6 | 0xa368 | No error (0) | youtube.com | | 142.250.181.78 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.496226072 CET | 1.1.1.1 | 192.168.2.6 | 0xecf4 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.586607933 CET | 1.1.1.1 | 192.168.2.6 | 0xebd9 | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.588443041 CET | 1.1.1.1 | 192.168.2.6 | 0x3fc4 | No error (0) | youtube.com | | 142.250.181.78 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.626367092 CET | 1.1.1.1 | 192.168.2.6 | 0x50e3 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:34.626367092 CET | 1.1.1.1 | 192.168.2.6 | 0x50e3 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.634243011 CET | 1.1.1.1 | 192.168.2.6 | 0x2049 | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:34.634243011 CET | 1.1.1.1 | 192.168.2.6 | 0x2049 | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:34.636368036 CET | 1.1.1.1 | 192.168.2.6 | 0xde49 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | | AAAA (28) | IN (0x0001) | false
Dec 28, 2024 09:47:34.987386942 CET | 1.1.1.1 | 192.168.2.6 | 0x7d04 | No error (0) | youtube.com | | | AAAA (28) | IN (0x0001) | false
Dec 28, 2024 09:47:34.987410069 CET | 1.1.1.1 | 192.168.2.6 | 0xfc48 | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:35.007191896 CET | 1.1.1.1 | 192.168.2.6 | 0x54d9 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:35.008053064 CET | 1.1.1.1 | 192.168.2.6 | 0x2762 | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:35.008053064 CET | 1.1.1.1 | 192.168.2.6 | 0x2762 | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:35.008053064 CET | 1.1.1.1 | 192.168.2.6 | 0x2762 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:35.078234911 CET | 1.1.1.1 | 192.168.2.6 | 0x865e | No error (0) | shavar.services.mozilla.com | shavar.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:35.133609056 CET | 1.1.1.1 | 192.168.2.6 | 0x2d66 | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:35.269670010 CET | 1.1.1.1 | 192.168.2.6 | 0xe800 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:35.413563013 CET | 1.1.1.1 | 192.168.2.6 | 0x97da | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | | AAAA (28) | IN (0x0001) | false
Dec 28, 2024 09:47:37.307964087 CET | 1.1.1.1 | 192.168.2.6 | 0x3c3d | No error (0) | ipv4only.arpa | | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:37.307964087 CET | 1.1.1.1 | 192.168.2.6 | 0x3c3d | No error (0) | ipv4only.arpa | | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:37.307977915 CET | 1.1.1.1 | 192.168.2.6 | 0x32c5 | No error (0) | example.org | | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:37.426971912 CET | 1.1.1.1 | 192.168.2.6 | 0xeb4d | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:37.426971912 CET | 1.1.1.1 | 192.168.2.6 | 0xeb4d | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:38.847347975 CET | 1.1.1.1 | 192.168.2.6 | 0x92a3 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:38.991388083 CET | 1.1.1.1 | 192.168.2.6 | 0x6cb9 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:43.406064034 CET | 1.1.1.1 | 192.168.2.6 | 0x56b | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:43.406064034 CET | 1.1.1.1 | 192.168.2.6 | 0x56b | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:43.417561054 CET | 1.1.1.1 | 192.168.2.6 | 0xda86 | No error (0) | support.mozilla.org | prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:43.417561054 CET | 1.1.1.1 | 192.168.2.6 | 0xda86 | No error (0) | prod.sumo.prod.webservices.mozgcp.net | us-west1.prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:43.417561054 CET | 1.1.1.1 | 192.168.2.6 | 0xda86 | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:43.559528112 CET | 1.1.1.1 | 192.168.2.6 | 0x3eed | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:47.126749992 CET | 1.1.1.1 | 192.168.2.6 | 0xfbb0 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:47.126749992 CET | 1.1.1.1 | 192.168.2.6 | 0xfbb0 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:47.446645021 CET | 1.1.1.1 | 192.168.2.6 | 0x360 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:47.447715044 CET | 1.1.1.1 | 192.168.2.6 | 0x8fb6 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:47:47.447715044 CET | 1.1.1.1 | 192.168.2.6 | 0x8fb6 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:47.589548111 CET | 1.1.1.1 | 192.168.2.6 | 0xb2a | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:47:47.917686939 CET | 1.1.1.1 | 192.168.2.6 | 0x414d | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.917686939 CET1.1.1.1192.168.2.60x414dNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:48.060659885 CET1.1.1.1192.168.2.60x4fe0No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.482506037 CET1.1.1.1192.168.2.60xf97fNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902100086 CET1.1.1.1192.168.2.60x1394No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902765036 CET1.1.1.1192.168.2.60x65c4No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.902765036 CET1.1.1.1192.168.2.60x65c4No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.908586979 CET1.1.1.1192.168.2.60x1391No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:55.908586979 CET1.1.1.1192.168.2.60x1391No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.042766094 CET1.1.1.1192.168.2.60x4173No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.043117046 CET1.1.1.1192.168.2.60x5052No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.048751116 CET1.1.1.1192.168.2.60xd633No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.186885118 CET1.1.1.1192.168.2.60x947dNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.186885118 CET1.1.1.1192.168.2.60x947dNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.186885118 CET1.1.1.1192.168.2.60x947dNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.186885118 CET1.1.1.1192.168.2.60x947dNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.187602997 CET1.1.1.1192.168.2.60xd31dNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.189141035 CET1.1.1.1192.168.2.60xf0deNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.328516960 CET1.1.1.1192.168.2.60x177dNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.328516960 CET1.1.1.1192.168.2.60x177dNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.328516960 CET1.1.1.1192.168.2.60x177dNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.328516960 CET1.1.1.1192.168.2.60x177dNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.328516960 CET1.1.1.1192.168.2.60x177dNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.328789949 CET1.1.1.1192.168.2.60xb633No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.471021891 CET1.1.1.1192.168.2.60xd3dbNo error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.531339884 CET1.1.1.1192.168.2.60x6e5cNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.531339884 CET1.1.1.1192.168.2.60x6e5cNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.531339884 CET1.1.1.1192.168.2.60x6e5cNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:56.531339884 CET1.1.1.1192.168.2.60x6e5cNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.857470036 CET1.1.1.1192.168.2.60xbed1No error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.857470036 CET1.1.1.1192.168.2.60xbed1No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.862272978 CET1.1.1.1192.168.2.60x9506No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.862272978 CET1.1.1.1192.168.2.60x9506No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.862272978 CET1.1.1.1192.168.2.60x9506No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.862272978 CET1.1.1.1192.168.2.60x9506No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:00.999496937 CET1.1.1.1192.168.2.60xd444No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
Dec 28, 2024 09:48:01.006673098 CET | 1.1.1.1 | 192.168.2.6 | 0x1849 | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:48:01.006673098 CET | 1.1.1.1 | 192.168.2.6 | 0x1849 | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:48:01.006673098 CET | 1.1.1.1 | 192.168.2.6 | 0x1849 | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:48:01.006673098 CET | 1.1.1.1 | 192.168.2.6 | 0x1849 | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:48:01.041532993 CET | 1.1.1.1 | 192.168.2.6 | 0xc976 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:48:01.041532993 CET | 1.1.1.1 | 192.168.2.6 | 0xc976 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:48:01.184313059 CET | 1.1.1.1 | 192.168.2.6 | 0x26ca | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:48:01.215434074 CET | 1.1.1.1 | 192.168.2.6 | 0x4209 | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 28, 2024 09:48:01.215434074 CET | 1.1.1.1 | 192.168.2.6 | 0x4209 | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 28, 2024 09:48:01.215434074 CET | 1.1.1.1 | 192.168.2.6 | 0x4209 | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 28, 2024 09:48:01.215434074 CET | 1.1.1.1 | 192.168.2.6 | 0x4209 | No error (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false
Dec 28, 2024 09:48:03.847109079 CET | 1.1.1.1 | 192.168.2.6 | 0x1fa5 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:48:03.847109079 CET | 1.1.1.1 | 192.168.2.6 | 0x1fa5 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:48:05.741489887 CET | 1.1.1.1 | 192.168.2.6 | 0x497e | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:48:27.696166039 CET | 1.1.1.1 | 192.168.2.6 | 0x97d8 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:48:31.271353006 CET | 1.1.1.1 | 192.168.2.6 | 0x6c77 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:49:08.833854914 CET | 1.1.1.1 | 192.168.2.6 | 0x85ee | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:49:10.197446108 CET | 1.1.1.1 | 192.168.2.6 | 0x6a68 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:49:10.197446108 CET | 1.1.1.1 | 192.168.2.6 | 0x6a68 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:49:10.522099018 CET | 1.1.1.1 | 192.168.2.6 | 0x6130 | No error (0) | example.org | 93.184.215.14 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49747 | 34.107.221.82 | 80 | 5128 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 28, 2024 09:47:34.497277021 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 28, 2024 09:47:35.628537893 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:23:21 GMT
Age: 73454
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49763 | 34.107.221.82 | 80 | 5128 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 28, 2024 09:47:37.549755096 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:47:38.681643963 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71513
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:47:39.402115107 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:47:39.725291014 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71514
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:47:47.306041002 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.629571915 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 71522
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:47.793868065 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:48.117507935 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 71522
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.496411085 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:49.820967913 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 71524
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.052798986 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:47:54.376282930 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 71529
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:47:55.922461033 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:47:56.245796919 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71531
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:48:02.269875050 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:48:02.593204975 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71537
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:48:03.688587904 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:48:04.011917114 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71538
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:48:07.343785048 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:48:07.667272091 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71542
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:48:17.679266930 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 28, 2024 09:48:27.809257030 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 28, 2024 09:48:28.966725111 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:48:29.290007114 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 71564
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.855868101 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:33.179131985 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 71568
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:34.072592020 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:34.398262978 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 71569
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:44.416239023 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:54.545972109 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:04.678642988 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:10.384355068 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:49:10.707654953 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 71605
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:49:20.716811895 CET  6                  OUT        Data Raw: 00
    Data Ascii:
Dec 28, 2024 09:49:30.847682953 CET  6                  OUT        Data Raw: 00
    Data Ascii:
Dec 28, 2024 09:49:40.977904081 CET  6                  OUT        Data Raw: 00
    Data Ascii:
Dec 28, 2024 09:49:51.107805014 CET  6                  OUT        Data Raw: 00
    Data Ascii:
Dec 28, 2024 09:50:01.238270998 CET  6                  OUT        Data Raw: 00
    Data Ascii:


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.6  49765        34.107.221.82   80                5128  C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp                            Bytes transferred  Direction  Data
Dec 28, 2024 09:47:37.771759987 CET  303                OUT        GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 28, 2024 09:47:38.749285936 CET  298                IN         HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 10:59:44 GMT
    Age: 78474
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:47:43.263052940 CET  303                OUT        GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 28, 2024 09:47:43.586777925 CET  298                IN         HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 10:59:44 GMT
    Age: 78479
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:47:47.319804907 CET  303                OUT        GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 28, 2024 09:47:47.643465996 CET  298                IN         HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 10:59:44 GMT
    Age: 78483
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:47:48.979403019 CET  303                OUT        GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 28, 2024 09:47:49.303734064 CET  298                IN         HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 10:59:44 GMT
    Age: 78485
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:47:53.724349976 CET  303 bytes  OUT  GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 28, 2024 09:47:54.048139095 CET  298 bytes  IN  HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 10:59:44 GMT
    Age: 78489
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:47:55.593967915 CET  303 bytes  OUT  GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 28, 2024 09:47:55.918442011 CET  298 bytes  IN  HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 10:59:44 GMT
    Age: 78491
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:48:01.943355083 CET  303 bytes  OUT  GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 28, 2024 09:48:02.266875029 CET  298 bytes  IN  HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 10:59:44 GMT
    Age: 78498
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:48:03.361567020 CET  303 bytes  OUT  GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 28, 2024 09:48:03.685420036 CET  298 bytes  IN  HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 10:59:44 GMT
    Age: 78499
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:07.009629011 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:07.338013887 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 10:59:44 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 78503
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:17.346991062 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:27.477117062 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:28.566797972 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:28.963392973 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 10:59:44 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 78524
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.527523994 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:32.851736069 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                        Date: Fri, 27 Dec 2024 10:59:44 GMT
                                                                                                                                                                                                                                                                                                                                                                        Age: 78528
                                                                                                                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                        Dec 28, 2024 09:48:33.745457888 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                        Connection: keep-alive
Dec 28, 2024 09:48:34.069024086 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 27 Dec 2024 10:59:44 GMT
Age: 78529
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:48:44.077481031 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 28, 2024 09:48:54.207336903 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 28, 2024 09:49:04.330924988 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 28, 2024 09:49:10.057132959 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 28, 2024 09:49:10.380680084 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 27 Dec 2024 10:59:44 GMT
Age: 78566
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:49:20.384650946 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 28, 2024 09:49:30.515450954 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 28, 2024 09:49:40.645745039 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 28, 2024 09:49:50.775732994 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 28, 2024 09:50:00.906137943 CET 6 OUT Data Raw: 00
Data Ascii:



Target ID: 1
Start time: 03:47:21
Start date: 28/12/2024
Path: C:\Users\user\Desktop\rpDOUhuBC5.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\rpDOUhuBC5.exe"
Imagebase: 0x7a0000
File size: 970'752 bytes
MD5 hash: 1F856D82C95FCEF4439C2C9D442E44F4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 4
Start time: 03:47:23
Start date: 28/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0x700000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 03:47:23
Start date: 28/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 8
Start time: 03:47:26
                                                                                                                                                                                                                                                                                                                                                                        Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                        Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x700000
                                                                                                                                                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                                                                                                                                                        Start time:03:47:26
                                                                                                                                                                                                                                                                                                                                                                        Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                                                                                                                                                        Start time:03:47:26
                                                                                                                                                                                                                                                                                                                                                                        Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                        Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x700000
                                                                                                                                                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                                                                                                                                                        Start time:03:47:26
                                                                                                                                                                                                                                                                                                                                                                        Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                                                                                                                                                        Start time:03:47:27
                                                                                                                                                                                                                                                                                                                                                                        Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                        Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x700000
                                                                                                                                                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                                                                                                                                                                        Start time:03:47:27
                                                                                                                                                                                                                                                                                                                                                                        Start date:28/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:03:47:27
Start date:28/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0x700000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:15
Start time:03:47:27
Start date:28/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:03:47:27
Start date:28/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:03:47:28
Start date:28/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:03:47:28
Start date:28/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:20
Start time:03:47:29
Start date:28/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd16ed0-4054-4436-b362-dc6f5d23b61d} 5128 "\\.\pipe\gecko-crash-server-pipe.5128" 20a5db6e510 socket
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:22
Start time:03:47:32
Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 3872 -prefMapHandle 3944 -prefsLen 26322 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb856fbc-54fb-4491-a5b4-616ae0b029ea} 5128 "\\.\pipe\gecko-crash-server-pipe.5128" 20a7168cb10 rdd
                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                                                                                                                                                                                        Start time:03:47:46
                                                                                                                                                                                                                                                                                                                                                                        Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4996 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4992 -prefMapHandle 4968 -prefsLen 33093 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4751dff7-103a-4a3a-83fa-63f5327aa984} 5128 "\\.\pipe\gecko-crash-server-pipe.5128" 20a777a9710 utility
                                                                                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                        Has exited:false

Execution Graph

Execution Coverage: 2.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.1%
Total number of Nodes: 1748
Total number of Limit Nodes: 46
execution_graph: raw node/edge dump of the rendered graph (not reproducible as text). Windows API calls named on the graph nodes: SHGetFolderPathW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetFullPathNameW, GetVersionExW, GetCurrentProcess, IsWow64Process, LoadLibraryA, GetProcAddress, FreeLibrary, GetSystemInfo, GetNativeSystemInfo, GetUserNameW, WSAStartup, gethostname, gethostbyname, inet_ntoa, WSACleanup, MultiByteToWideChar, EnterCriticalSection, LeaveCriticalSection, WaitForSingleObjectEx, SetEvent, ResetEvent, RaiseException, RtlAllocateHeap, lstrlenW, GetFileAttributesW, FindFirstFileW, FindClose, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, CloseHandle, Sleep, timeGetTime, GetStringTypeW, VariantClear, GetCurrentDirectoryW, GetSystemDirectoryW, CreateProcessW, GetLastError.
95691->95693 95692->95693 95694 810336 95693->95694 95695 81032e CloseHandle 95693->95695 95696 810343 95694->95696 95697 81033b CloseHandle 95694->95697 95695->95694 95698 810350 95696->95698 95699 810348 CloseHandle 95696->95699 95697->95696 95700 810355 CloseHandle 95698->95700 95701 81035d 95698->95701 95699->95698 95700->95701 95702 810362 CloseHandle 95701->95702 95703 81017d 95701->95703 95702->95703 95703->95301 95705 7aae01 95704->95705 95708 7aae1c messages 95704->95708 95706 7aaec9 22 API calls 95705->95706 95707 7aae09 CharUpperBuffW 95706->95707 95707->95708 95708->95325 95710 7aacae 95709->95710 95711 7aacd1 95710->95711 95737 81359c 82 API calls __wsopen_s 95710->95737 95711->95377 95714 7efadb 95713->95714 95715 7aad92 95713->95715 95716 7bfddb 22 API calls 95715->95716 95717 7aad99 95716->95717 95738 7aadcd 95717->95738 95720->95378 95721->95378 95722->95329 95723->95366 95724->95344 95725->95366 95726->95366 95727->95377 95728->95377 95729->95377 95730->95377 95731->95377 95732->95358 95733->95366 95734->95363 95735->95364 95736->95366 95737->95711 95744 7aaddd 95738->95744 95739 7aadb6 95739->95377 95740 7bfddb 22 API calls 95740->95744 95743 7aadcd 22 API calls 95743->95744 95744->95739 95744->95740 95744->95743 95745 7aa961 95744->95745 95750 7aa8c7 22 API calls __fread_nolock 95744->95750 95746 7bfe0b 22 API calls 95745->95746 95747 7aa976 95746->95747 95748 7bfddb 22 API calls 95747->95748 95749 7aa984 95748->95749 95749->95744 95750->95744 95751->95390 95752->95390 95753->95389 95754->95393 95755->95415 95756->95415 95757 7c03fb 95758 7c0407 ___DestructExceptionObject 95757->95758 95786 7bfeb1 95758->95786 95760 7c040e 95761 7c0561 95760->95761 95764 7c0438 95760->95764 95816 7c083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95761->95816 95763 7c0568 95809 7c4e52 95763->95809 95773 7c0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95764->95773 
95797 7d247d 95764->95797 95771 7c0457 95777 7c04d8 95773->95777 95812 7c4e1a 38 API calls 2 library calls 95773->95812 95775 7c04de 95778 7c04f3 95775->95778 95805 7c0959 95777->95805 95813 7c0992 GetModuleHandleW 95778->95813 95780 7c04fa 95780->95763 95781 7c04fe 95780->95781 95782 7c0507 95781->95782 95814 7c4df5 28 API calls _abort 95781->95814 95815 7c0040 13 API calls 2 library calls 95782->95815 95785 7c050f 95785->95771 95787 7bfeba 95786->95787 95818 7c0698 IsProcessorFeaturePresent 95787->95818 95789 7bfec6 95819 7c2c94 10 API calls 3 library calls 95789->95819 95791 7bfecb 95792 7bfecf 95791->95792 95820 7d2317 95791->95820 95792->95760 95795 7bfee6 95795->95760 95800 7d2494 95797->95800 95798 7c0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95799 7c0451 95798->95799 95799->95771 95801 7d2421 95799->95801 95800->95798 95802 7d2450 95801->95802 95803 7c0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95802->95803 95804 7d2479 95803->95804 95804->95773 95895 7c2340 95805->95895 95808 7c097f 95808->95775 95897 7c4bcf 95809->95897 95812->95777 95813->95780 95814->95782 95815->95785 95816->95763 95818->95789 95819->95791 95824 7dd1f6 95820->95824 95823 7c2cbd 8 API calls 3 library calls 95823->95792 95825 7dd213 95824->95825 95828 7dd20f 95824->95828 95825->95828 95830 7d4bfb 95825->95830 95827 7bfed8 95827->95795 95827->95823 95842 7c0a8c 95828->95842 95831 7d4c07 ___DestructExceptionObject 95830->95831 95849 7d2f5e EnterCriticalSection 95831->95849 95833 7d4c0e 95850 7d50af 95833->95850 95835 7d4c1d 95841 7d4c2c 95835->95841 95863 7d4a8f 29 API calls 95835->95863 95838 7d4c27 95864 7d4b45 GetStdHandle GetFileType 95838->95864 95839 7d4c3d __fread_nolock 95839->95825 95865 7d4c48 LeaveCriticalSection _abort 95841->95865 95843 7c0a95 95842->95843 95844 7c0a97 IsProcessorFeaturePresent 95842->95844 95843->95827 95846 7c0c5d 95844->95846 95894 7c0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter 
GetCurrentProcess TerminateProcess 95846->95894 95848 7c0d40 95848->95827 95849->95833 95851 7d50bb ___DestructExceptionObject 95850->95851 95852 7d50df 95851->95852 95853 7d50c8 95851->95853 95866 7d2f5e EnterCriticalSection 95852->95866 95874 7cf2d9 20 API calls _abort 95853->95874 95856 7d50cd 95875 7d27ec 26 API calls _abort 95856->95875 95858 7d50d7 __fread_nolock 95858->95835 95859 7d5117 95876 7d513e LeaveCriticalSection _abort 95859->95876 95861 7d50eb 95861->95859 95867 7d5000 95861->95867 95863->95838 95864->95841 95865->95839 95866->95861 95877 7d4c7d 95867->95877 95869 7d5012 95873 7d501f 95869->95873 95884 7d3405 11 API calls 2 library calls 95869->95884 95871 7d5071 95871->95861 95885 7d29c8 95873->95885 95874->95856 95875->95858 95876->95858 95882 7d4c8a _abort 95877->95882 95878 7d4cca 95892 7cf2d9 20 API calls _abort 95878->95892 95879 7d4cb5 RtlAllocateHeap 95880 7d4cc8 95879->95880 95879->95882 95880->95869 95882->95878 95882->95879 95891 7c4ead 7 API calls 2 library calls 95882->95891 95884->95869 95886 7d29d3 RtlFreeHeap 95885->95886 95890 7d29fc __dosmaperr 95885->95890 95887 7d29e8 95886->95887 95886->95890 95893 7cf2d9 20 API calls _abort 95887->95893 95889 7d29ee GetLastError 95889->95890 95890->95871 95891->95882 95892->95880 95893->95889 95894->95848 95896 7c096c GetStartupInfoW 95895->95896 95896->95808 95898 7c4bdb _abort 95897->95898 95899 7c4bf4 95898->95899 95900 7c4be2 95898->95900 95921 7d2f5e EnterCriticalSection 95899->95921 95936 7c4d29 GetModuleHandleW 95900->95936 95903 7c4be7 95903->95899 95937 7c4d6d GetModuleHandleExW 95903->95937 95907 7c4c70 95915 7d2421 _abort 5 API calls 95907->95915 95918 7c4c88 95907->95918 95909 7c4cb6 95928 7c4ce8 95909->95928 95910 7c4ce2 95945 7e1d29 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 95910->95945 95911 7c4bfb 95911->95907 95919 7c4c99 95911->95919 95922 7d21a8 95911->95922 95915->95918 95916 7d2421 _abort 5 API calls 95916->95919 95918->95916 95925 7c4cd9 
95919->95925 95921->95911 95946 7d1ee1 95922->95946 95965 7d2fa6 LeaveCriticalSection 95925->95965 95927 7c4cb2 95927->95909 95927->95910 95966 7d360c 95928->95966 95931 7c4d16 95934 7c4d6d _abort 8 API calls 95931->95934 95932 7c4cf6 GetPEB 95932->95931 95933 7c4d06 GetCurrentProcess TerminateProcess 95932->95933 95933->95931 95935 7c4d1e ExitProcess 95934->95935 95936->95903 95938 7c4dba 95937->95938 95939 7c4d97 GetProcAddress 95937->95939 95940 7c4dc9 95938->95940 95941 7c4dc0 FreeLibrary 95938->95941 95942 7c4dac 95939->95942 95943 7c0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95940->95943 95941->95940 95942->95938 95944 7c4bf3 95943->95944 95944->95899 95949 7d1e90 95946->95949 95948 7d1f05 95948->95907 95950 7d1e9c ___DestructExceptionObject 95949->95950 95957 7d2f5e EnterCriticalSection 95950->95957 95952 7d1eaa 95958 7d1f31 95952->95958 95956 7d1ec8 __fread_nolock 95956->95948 95957->95952 95961 7d1f59 95958->95961 95963 7d1f51 95958->95963 95959 7c0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95960 7d1eb7 95959->95960 95964 7d1ed5 LeaveCriticalSection _abort 95960->95964 95962 7d29c8 _free 20 API calls 95961->95962 95961->95963 95962->95963 95963->95959 95964->95956 95965->95927 95967 7d3627 95966->95967 95968 7d3631 95966->95968 95970 7c0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95967->95970 95973 7d2fd7 5 API calls 2 library calls 95968->95973 95971 7c4cf2 95970->95971 95971->95931 95971->95932 95972 7d3648 95972->95967 95973->95972 95974 7afe73 95981 7bceb1 95974->95981 95976 7afe89 95990 7bcf92 95976->95990 95978 7afeb3 96002 81359c 82 API calls __wsopen_s 95978->96002 95980 7f4ab8 95982 7bcebf 95981->95982 95983 7bced2 95981->95983 95984 7aaceb 23 API calls 95982->95984 95985 7bced7 95983->95985 95986 7bcf05 95983->95986 95989 7bcec9 95984->95989 95987 7bfddb 22 API calls 95985->95987 95988 7aaceb 23 API calls 95986->95988 95987->95989 95988->95989 95989->95976 96003 
7a6270 95990->96003 95992 7bcfc9 95993 7a9cb3 22 API calls 95992->95993 95995 7bcffa 95992->95995 95994 7fd166 95993->95994 96008 7a6350 22 API calls 95994->96008 95995->95978 95997 7fd171 96009 7bd2f0 40 API calls 95997->96009 95999 7fd184 96000 7aaceb 23 API calls 95999->96000 96001 7fd188 95999->96001 96000->96001 96001->96001 96002->95980 96004 7bfe0b 22 API calls 96003->96004 96005 7a6295 96004->96005 96006 7bfddb 22 API calls 96005->96006 96007 7a62a3 96006->96007 96007->95992 96008->95997 96009->95999 96010 7a1033 96015 7a4c91 96010->96015 96014 7a1042 96016 7aa961 22 API calls 96015->96016 96017 7a4cff 96016->96017 96023 7a3af0 96017->96023 96020 7a4d9c 96021 7a1038 96020->96021 96026 7a51f7 22 API calls __fread_nolock 96020->96026 96022 7c00a3 29 API calls __onexit 96021->96022 96022->96014 96027 7a3b1c 96023->96027 96026->96020 96028 7a3b0f 96027->96028 96029 7a3b29 96027->96029 96028->96020 96029->96028 96030 7a3b30 RegOpenKeyExW 96029->96030 96030->96028 96031 7a3b4a RegQueryValueExW 96030->96031 96032 7a3b6b 96031->96032 96033 7a3b80 RegCloseKey 96031->96033 96032->96033 96033->96028 96034 7f3f75 96035 7bceb1 23 API calls 96034->96035 96036 7f3f8b 96035->96036 96037 7f4006 96036->96037 96045 7be300 23 API calls 96036->96045 96040 7abf40 348 API calls 96037->96040 96039 7f3fe6 96043 7f4052 96039->96043 96046 811abf 22 API calls 96039->96046 96040->96043 96042 7f4a88 96043->96042 96047 81359c 82 API calls __wsopen_s 96043->96047 96045->96039 96046->96037 96047->96042 96934 7fd255 96935 7a3b1c 3 API calls 96934->96935 96936 7fd275 96935->96936 96936->96936 96937 7a3156 96940 7a3170 96937->96940 96941 7a3187 96940->96941 96942 7a31e9 96941->96942 96943 7a31eb 96941->96943 96944 7a318c 96941->96944 96945 7a31d0 DefWindowProcW 96942->96945 96946 7e2dfb 96943->96946 96947 7a31f1 96943->96947 96948 7a3199 96944->96948 96949 7a3265 PostQuitMessage 96944->96949 96950 7a316a 96945->96950 96995 7a18e2 10 API calls 96946->96995 96951 7a31f8 96947->96951 96952 
7a321d SetTimer RegisterWindowMessageW 96947->96952 96954 7e2e7c 96948->96954 96955 7a31a4 96948->96955 96949->96950 96956 7e2d9c 96951->96956 96957 7a3201 KillTimer 96951->96957 96952->96950 96959 7a3246 CreatePopupMenu 96952->96959 96998 80bf30 34 API calls ___scrt_fastfail 96954->96998 96960 7a31ae 96955->96960 96961 7e2e68 96955->96961 96963 7e2dd7 MoveWindow 96956->96963 96964 7e2da1 96956->96964 96965 7a30f2 Shell_NotifyIconW 96957->96965 96958 7e2e1c 96996 7be499 42 API calls 96958->96996 96959->96950 96968 7e2e4d 96960->96968 96969 7a31b9 96960->96969 96985 80c161 96961->96985 96963->96950 96971 7e2dc6 SetFocus 96964->96971 96972 7e2da7 96964->96972 96973 7a3214 96965->96973 96968->96945 96997 800ad7 22 API calls 96968->96997 96974 7a31c4 96969->96974 96975 7a3253 96969->96975 96970 7e2e8e 96970->96945 96970->96950 96971->96950 96972->96974 96976 7e2db0 96972->96976 96992 7a3c50 DeleteObject DestroyWindow 96973->96992 96974->96945 96982 7a30f2 Shell_NotifyIconW 96974->96982 96993 7a326f 44 API calls ___scrt_fastfail 96975->96993 96994 7a18e2 10 API calls 96976->96994 96981 7a3263 96981->96950 96983 7e2e41 96982->96983 96984 7a3837 49 API calls 96983->96984 96984->96942 96986 80c276 96985->96986 96987 80c179 ___scrt_fastfail 96985->96987 96986->96950 96988 7a3923 24 API calls 96987->96988 96990 80c1a0 96988->96990 96989 80c25f KillTimer SetTimer 96989->96986 96990->96989 96991 80c251 Shell_NotifyIconW 96990->96991 96991->96989 96992->96950 96993->96981 96994->96950 96995->96958 96996->96974 96997->96942 96998->96970 96048 7a2e37 96049 7aa961 22 API calls 96048->96049 96050 7a2e4d 96049->96050 96127 7a4ae3 96050->96127 96052 7a2e6b 96141 7a3a5a 96052->96141 96054 7a2e7f 96055 7a9cb3 22 API calls 96054->96055 96056 7a2e8c 96055->96056 96148 7a4ecb 96056->96148 96059 7a2ead 96170 7aa8c7 22 API calls __fread_nolock 96059->96170 96060 7e2cb0 96188 812cf9 96060->96188 96062 7e2cc3 96063 7e2ccf 96062->96063 96214 7a4f39 96062->96214 96068 7a4f39 68 API calls 
96063->96068 96066 7a2ec3 96171 7a6f88 22 API calls 96066->96171 96070 7e2ce5 96068->96070 96069 7a2ecf 96071 7a9cb3 22 API calls 96069->96071 96220 7a3084 22 API calls 96070->96220 96072 7a2edc 96071->96072 96172 7aa81b 41 API calls 96072->96172 96074 7a2eec 96077 7a9cb3 22 API calls 96074->96077 96076 7e2d02 96221 7a3084 22 API calls 96076->96221 96079 7a2f12 96077->96079 96173 7aa81b 41 API calls 96079->96173 96080 7e2d1e 96082 7a3a5a 24 API calls 96080->96082 96083 7e2d44 96082->96083 96222 7a3084 22 API calls 96083->96222 96084 7a2f21 96087 7aa961 22 API calls 96084->96087 96086 7e2d50 96223 7aa8c7 22 API calls __fread_nolock 96086->96223 96089 7a2f3f 96087->96089 96174 7a3084 22 API calls 96089->96174 96090 7e2d5e 96224 7a3084 22 API calls 96090->96224 96093 7a2f4b 96175 7c4a28 40 API calls 3 library calls 96093->96175 96095 7e2d6d 96225 7aa8c7 22 API calls __fread_nolock 96095->96225 96096 7a2f59 96096->96070 96097 7a2f63 96096->96097 96176 7c4a28 40 API calls 3 library calls 96097->96176 96100 7a2f6e 96100->96076 96103 7a2f78 96100->96103 96101 7e2d83 96226 7a3084 22 API calls 96101->96226 96177 7c4a28 40 API calls 3 library calls 96103->96177 96104 7e2d90 96106 7a2f83 96106->96080 96107 7a2f8d 96106->96107 96178 7c4a28 40 API calls 3 library calls 96107->96178 96109 7a2f98 96110 7a2fdc 96109->96110 96179 7a3084 22 API calls 96109->96179 96110->96095 96111 7a2fe8 96110->96111 96111->96104 96182 7a63eb 22 API calls 96111->96182 96114 7a2fbf 96180 7aa8c7 22 API calls __fread_nolock 96114->96180 96116 7a2ff8 96183 7a6a50 22 API calls 96116->96183 96117 7a2fcd 96181 7a3084 22 API calls 96117->96181 96120 7a3006 96184 7a70b0 23 API calls 96120->96184 96124 7a3021 96125 7a3065 96124->96125 96185 7a6f88 22 API calls 96124->96185 96186 7a70b0 23 API calls 96124->96186 96187 7a3084 22 API calls 96124->96187 96128 7a4af0 __wsopen_s 96127->96128 96129 7a6b57 22 API calls 96128->96129 96130 7a4b22 96128->96130 96129->96130 96140 7a4b58 96130->96140 96227 7a4c6d 
96130->96227 96132 7a9cb3 22 API calls 96134 7a4c52 96132->96134 96133 7a9cb3 22 API calls 96133->96140 96136 7a515f 22 API calls 96134->96136 96135 7a4c6d 22 API calls 96135->96140 96137 7a4c5e 96136->96137 96137->96052 96139 7a4c29 96139->96132 96139->96137 96140->96133 96140->96135 96140->96139 96230 7a515f 96140->96230 96236 7e1f50 96141->96236 96144 7a9cb3 22 API calls 96145 7a3a8d 96144->96145 96238 7a3aa2 96145->96238 96147 7a3a97 96147->96054 96258 7a4e90 LoadLibraryA 96148->96258 96153 7e3ccf 96156 7a4f39 68 API calls 96153->96156 96154 7a4ef6 LoadLibraryExW 96266 7a4e59 LoadLibraryA 96154->96266 96158 7e3cd6 96156->96158 96160 7a4e59 3 API calls 96158->96160 96161 7e3cde 96160->96161 96288 7a50f5 96161->96288 96162 7a4f20 96162->96161 96163 7a4f2c 96162->96163 96165 7a4f39 68 API calls 96163->96165 96167 7a2ea5 96165->96167 96167->96059 96167->96060 96169 7e3d05 96170->96066 96171->96069 96172->96074 96173->96084 96174->96093 96175->96096 96176->96100 96177->96106 96178->96109 96179->96114 96180->96117 96181->96110 96182->96116 96183->96120 96184->96124 96185->96124 96186->96124 96187->96124 96189 812d15 96188->96189 96190 7a511f 64 API calls 96189->96190 96191 812d29 96190->96191 96422 812e66 96191->96422 96194 812d3f 96194->96062 96195 7a50f5 40 API calls 96196 812d56 96195->96196 96197 7a50f5 40 API calls 96196->96197 96198 812d66 96197->96198 96199 7a50f5 40 API calls 96198->96199 96200 812d81 96199->96200 96201 7a50f5 40 API calls 96200->96201 96202 812d9c 96201->96202 96203 7a511f 64 API calls 96202->96203 96204 812db3 96203->96204 96205 7cea0c ___std_exception_copy 21 API calls 96204->96205 96206 812dba 96205->96206 96207 7cea0c ___std_exception_copy 21 API calls 96206->96207 96208 812dc4 96207->96208 96209 7a50f5 40 API calls 96208->96209 96210 812dd8 96209->96210 96211 8128fe 27 API calls 96210->96211 96212 812dee 96211->96212 96212->96194 96428 8122ce 79 API calls 96212->96428 96215 7a4f43 96214->96215 96217 7a4f4a 96214->96217 96429 7ce678 
96215->96429 96218 7a4f6a FreeLibrary 96217->96218 96219 7a4f59 96217->96219 96218->96219 96219->96063 96220->96076 96221->96080 96222->96086 96223->96090 96224->96095 96225->96101 96226->96104 96228 7aaec9 22 API calls 96227->96228 96229 7a4c78 96228->96229 96229->96130 96231 7a516e 96230->96231 96235 7a518f __fread_nolock 96230->96235 96234 7bfe0b 22 API calls 96231->96234 96232 7bfddb 22 API calls 96233 7a51a2 96232->96233 96233->96140 96234->96235 96235->96232 96237 7a3a67 GetModuleFileNameW 96236->96237 96237->96144 96239 7e1f50 __wsopen_s 96238->96239 96240 7a3aaf GetFullPathNameW 96239->96240 96241 7a3ae9 96240->96241 96242 7a3ace 96240->96242 96252 7aa6c3 96241->96252 96243 7a6b57 22 API calls 96242->96243 96245 7a3ada 96243->96245 96248 7a37a0 96245->96248 96249 7a37ae 96248->96249 96250 7a93b2 22 API calls 96249->96250 96251 7a37c2 96250->96251 96251->96147 96253 7aa6dd 96252->96253 96254 7aa6d0 96252->96254 96255 7bfddb 22 API calls 96253->96255 96254->96245 96256 7aa6e7 96255->96256 96257 7bfe0b 22 API calls 96256->96257 96257->96254 96259 7a4ea8 GetProcAddress 96258->96259 96260 7a4ec6 96258->96260 96261 7a4eb8 96259->96261 96263 7ce5eb 96260->96263 96261->96260 96262 7a4ebf FreeLibrary 96261->96262 96262->96260 96296 7ce52a 96263->96296 96265 7a4eea 96265->96153 96265->96154 96267 7a4e6e GetProcAddress 96266->96267 96268 7a4e8d 96266->96268 96269 7a4e7e 96267->96269 96271 7a4f80 96268->96271 96269->96268 96270 7a4e86 FreeLibrary 96269->96270 96270->96268 96272 7bfe0b 22 API calls 96271->96272 96273 7a4f95 96272->96273 96348 7a5722 96273->96348 96275 7a4fa1 __fread_nolock 96276 7e3d1d 96275->96276 96277 7a50a5 96275->96277 96287 7a4fdc 96275->96287 96362 81304d 74 API calls 96276->96362 96351 7a42a2 CreateStreamOnHGlobal 96277->96351 96280 7e3d22 96282 7a511f 64 API calls 96280->96282 96281 7a50f5 40 API calls 96281->96287 96283 7e3d45 96282->96283 96284 7a50f5 40 API calls 96283->96284 96285 7a506e messages 96284->96285 96285->96162 96287->96280 
96287->96281 96287->96285 96357 7a511f 96287->96357 96289 7a5107 96288->96289 96290 7e3d70 96288->96290 96384 7ce8c4 96289->96384 96293 8128fe 96405 81274e 96293->96405 96295 812919 96295->96169 96298 7ce536 ___DestructExceptionObject 96296->96298 96297 7ce544 96321 7cf2d9 20 API calls _abort 96297->96321 96298->96297 96300 7ce574 96298->96300 96302 7ce579 96300->96302 96303 7ce586 96300->96303 96301 7ce549 96322 7d27ec 26 API calls _abort 96301->96322 96323 7cf2d9 20 API calls _abort 96302->96323 96313 7d8061 96303->96313 96307 7ce58f 96308 7ce595 96307->96308 96309 7ce5a2 96307->96309 96324 7cf2d9 20 API calls _abort 96308->96324 96325 7ce5d4 LeaveCriticalSection __fread_nolock 96309->96325 96310 7ce554 __fread_nolock 96310->96265 96314 7d806d ___DestructExceptionObject 96313->96314 96326 7d2f5e EnterCriticalSection 96314->96326 96316 7d807b 96327 7d80fb 96316->96327 96320 7d80ac __fread_nolock 96320->96307 96321->96301 96322->96310 96323->96310 96324->96310 96325->96310 96326->96316 96335 7d811e 96327->96335 96328 7d8177 96329 7d4c7d _abort 20 API calls 96328->96329 96330 7d8180 96329->96330 96332 7d29c8 _free 20 API calls 96330->96332 96333 7d8189 96332->96333 96336 7d8088 96333->96336 96345 7d3405 11 API calls 2 library calls 96333->96345 96335->96328 96335->96336 96343 7c918d EnterCriticalSection 96335->96343 96344 7c91a1 LeaveCriticalSection 96335->96344 96340 7d80b7 96336->96340 96337 7d81a8 96346 7c918d EnterCriticalSection 96337->96346 96347 7d2fa6 LeaveCriticalSection 96340->96347 96342 7d80be 96342->96320 96343->96335 96344->96335 96345->96337 96346->96336 96347->96342 96349 7bfddb 22 API calls 96348->96349 96350 7a5734 96349->96350 96350->96275 96352 7a42d9 96351->96352 96353 7a42bc FindResourceExW 96351->96353 96352->96287 96353->96352 96354 7e35ba LoadResource 96353->96354 96354->96352 96355 7e35cf SizeofResource 96354->96355 96355->96352 96356 7e35e3 LockResource 96355->96356 96356->96352 96358 7a512e 96357->96358 96359 7e3d90 96357->96359 96363 
7cece3 96358->96363 96362->96280 96366 7ceaaa 96363->96366 96365 7a513c 96365->96287 96369 7ceab6 ___DestructExceptionObject 96366->96369 96367 7ceac2 96379 7cf2d9 20 API calls _abort 96367->96379 96369->96367 96370 7ceae8 96369->96370 96381 7c918d EnterCriticalSection 96370->96381 96371 7ceac7 96380 7d27ec 26 API calls _abort 96371->96380 96374 7ceaf4 96382 7cec0a 62 API calls 2 library calls 96374->96382 96376 7ceb08 96383 7ceb27 LeaveCriticalSection __fread_nolock 96376->96383 96378 7cead2 __fread_nolock 96378->96365 96379->96371 96380->96378 96381->96374 96382->96376 96383->96378 96387 7ce8e1 96384->96387 96386 7a5118 96386->96293 96388 7ce8ed ___DestructExceptionObject 96387->96388 96389 7ce92d 96388->96389 96390 7ce900 ___scrt_fastfail 96388->96390 96391 7ce925 __fread_nolock 96388->96391 96402 7c918d EnterCriticalSection 96389->96402 96400 7cf2d9 20 API calls _abort 96390->96400 96391->96386 96394 7ce937 96403 7ce6f8 38 API calls 4 library calls 96394->96403 96396 7ce91a 96401 7d27ec 26 API calls _abort 96396->96401 96397 7ce94e 96404 7ce96c LeaveCriticalSection __fread_nolock 96397->96404 96400->96396 96401->96391 96402->96394 96403->96397 96404->96391 96408 7ce4e8 96405->96408 96407 81275d 96407->96295 96411 7ce469 96408->96411 96410 7ce505 96410->96407 96412 7ce48c 96411->96412 96413 7ce478 96411->96413 96418 7ce488 __alldvrm 96412->96418 96421 7d333f 11 API calls 2 library calls 96412->96421 96419 7cf2d9 20 API calls _abort 96413->96419 96415 7ce47d 96420 7d27ec 26 API calls _abort 96415->96420 96418->96410 96419->96415 96420->96418 96421->96418 96424 812e7a 96422->96424 96423 8128fe 27 API calls 96423->96424 96424->96423 96425 7a50f5 40 API calls 96424->96425 96426 812d3b 96424->96426 96427 7a511f 64 API calls 96424->96427 96425->96424 96426->96194 96426->96195 96427->96424 96428->96194 96430 7ce684 ___DestructExceptionObject 96429->96430 96431 7ce6aa 96430->96431 96432 7ce695 96430->96432 96441 7ce6a5 __fread_nolock 96431->96441 96442 7c918d 
EnterCriticalSection 96431->96442 96459 7cf2d9 20 API calls _abort 96432->96459 96434 7ce69a 96460 7d27ec 26 API calls _abort 96434->96460 96437 7ce6c6 96443 7ce602 96437->96443 96439 7ce6d1 96461 7ce6ee LeaveCriticalSection __fread_nolock 96439->96461 96441->96217 96442->96437 96444 7ce60f 96443->96444 96445 7ce624 96443->96445 96494 7cf2d9 20 API calls _abort 96444->96494 96451 7ce61f 96445->96451 96462 7cdc0b 96445->96462 96447 7ce614 96495 7d27ec 26 API calls _abort 96447->96495 96451->96439 96455 7ce646 96479 7d862f 96455->96479 96458 7d29c8 _free 20 API calls 96458->96451 96459->96434 96460->96441 96461->96441 96463 7cdc1f 96462->96463 96464 7cdc23 96462->96464 96468 7d4d7a 96463->96468 96464->96463 96465 7cd955 __fread_nolock 26 API calls 96464->96465 96466 7cdc43 96465->96466 96496 7d59be 62 API calls 5 library calls 96466->96496 96469 7ce640 96468->96469 96470 7d4d90 96468->96470 96472 7cd955 96469->96472 96470->96469 96471 7d29c8 _free 20 API calls 96470->96471 96471->96469 96473 7cd976 96472->96473 96474 7cd961 96472->96474 96473->96455 96497 7cf2d9 20 API calls _abort 96474->96497 96476 7cd966 96498 7d27ec 26 API calls _abort 96476->96498 96478 7cd971 96478->96455 96480 7d863e 96479->96480 96481 7d8653 96479->96481 96502 7cf2c6 20 API calls _abort 96480->96502 96482 7d868e 96481->96482 96487 7d867a 96481->96487 96504 7cf2c6 20 API calls _abort 96482->96504 96485 7d8643 96503 7cf2d9 20 API calls _abort 96485->96503 96499 7d8607 96487->96499 96488 7d8693 96505 7cf2d9 20 API calls _abort 96488->96505 96491 7ce64c 96491->96451 96491->96458 96492 7d869b 96506 7d27ec 26 API calls _abort 96492->96506 96494->96447 96495->96451 96496->96463 96497->96476 96498->96478 96507 7d8585 96499->96507 96501 7d862b 96501->96491 96502->96485 96503->96491 96504->96488 96505->96492 96506->96491 96508 7d8591 ___DestructExceptionObject 96507->96508 96518 7d5147 EnterCriticalSection 96508->96518 96510 7d859f 96511 7d85c6 96510->96511 96512 7d85d1 96510->96512 96519 7d86ae 
96511->96519 96534 7cf2d9 20 API calls _abort 96512->96534 96515 7d85cc 96535 7d85fb LeaveCriticalSection __wsopen_s 96515->96535 96517 7d85ee __fread_nolock 96517->96501 96518->96510 96536 7d53c4 96519->96536 96521 7d86c4 96549 7d5333 21 API calls 2 library calls 96521->96549 96523 7d86be 96523->96521 96524 7d53c4 __wsopen_s 26 API calls 96523->96524 96533 7d86f6 96523->96533 96527 7d86ed 96524->96527 96525 7d53c4 __wsopen_s 26 API calls 96528 7d8702 CloseHandle 96525->96528 96526 7d871c 96529 7d873e 96526->96529 96550 7cf2a3 20 API calls __dosmaperr 96526->96550 96530 7d53c4 __wsopen_s 26 API calls 96527->96530 96528->96521 96531 7d870e GetLastError 96528->96531 96529->96515 96530->96533 96531->96521 96533->96521 96533->96525 96534->96515 96535->96517 96537 7d53d1 96536->96537 96540 7d53e6 96536->96540 96551 7cf2c6 20 API calls _abort 96537->96551 96539 7d53d6 96552 7cf2d9 20 API calls _abort 96539->96552 96543 7d540b 96540->96543 96553 7cf2c6 20 API calls _abort 96540->96553 96543->96523 96544 7d5416 96554 7cf2d9 20 API calls _abort 96544->96554 96545 7d53de 96545->96523 96547 7d541e 96555 7d27ec 26 API calls _abort 96547->96555 96549->96526 96550->96529 96551->96539 96552->96545 96553->96544 96554->96547 96555->96545 96556 832a55 96564 811ebc 96556->96564 96559 832a70 96566 8039c0 22 API calls 96559->96566 96561 832a7c 96567 80417d 22 API calls __fread_nolock 96561->96567 96563 832a87 96565 811ec3 IsWindow 96564->96565 96565->96559 96565->96563 96566->96561 96567->96563 96568 7a1cad SystemParametersInfoW 96569 7a2de3 96570 7a2df0 __wsopen_s 96569->96570 96571 7a2e09 96570->96571 96572 7e2c2b ___scrt_fastfail 96570->96572 96573 7a3aa2 23 API calls 96571->96573 96575 7e2c47 GetOpenFileNameW 96572->96575 96574 7a2e12 96573->96574 96585 7a2da5 96574->96585 96577 7e2c96 96575->96577 96579 7a6b57 22 API calls 96577->96579 96581 7e2cab 96579->96581 96581->96581 96582 7a2e27 96603 7a44a8 96582->96603 96586 7e1f50 __wsopen_s 96585->96586 96587 7a2db2 GetLongPathNameW 

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 007A430D
• Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
• GetCurrentProcess.KERNEL32(?,0083CB64,00000000,?,?), ref: 007A4422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 007A4429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 007A4454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 007A4466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 007A4474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 007A447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 007A44A0
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: c68e494cf5910632e1bd0a849732c8ca700f18a87441c8325dfde28d1a96b05d
• Instruction ID: 22a6f722ba089041416c762c905e9f2c6f4689ba207c4d70ff49362d826ab2bf
• Opcode Fuzzy Hash: c68e494cf5910632e1bd0a849732c8ca700f18a87441c8325dfde28d1a96b05d
• Instruction Fuzzy Hash: 98A1C46190E2C0CFCF11CB7D7C8D1967FA47BAA300B144999E08D97F6AD26DC588DB61

Control-flow Graph
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,007A50AA,?,?,00000000,00000000), ref: 007A42B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007A50AA,?,?,00000000,00000000), ref: 007A42C9
• LoadResource.KERNEL32(?,00000000,?,?,007A50AA,?,?,00000000,00000000,?,?,?,?,?,?,007A4F20), ref: 007E35BE
• SizeofResource.KERNEL32(?,00000000,?,?,007A50AA,?,?,00000000,00000000,?,?,?,?,?,?,007A4F20), ref: 007E35D3
• LockResource.KERNEL32(007A50AA,?,?,007A50AA,?,?,00000000,00000000,?,?,?,?,?,?,007A4F20,?), ref: 007E35E6
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT

Control-flow Graph (rendered graph not reproduced)

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 007A2B6B
  • Part of subcall function 007A3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00871418,?,007A2E7F,?,?,?,00000000), ref: 007A3A78
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00862224), ref: 007E2C10
• ShellExecuteW.SHELL32(00000000,?,?,00862224), ref: 007E2C17
Strings
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0080D501
• Process32FirstW.KERNEL32(00000000,?), ref: 0080D50F
• Process32NextW.KERNEL32(00000000,?), ref: 0080D52F
• CloseHandle.KERNEL32(00000000), ref: 0080D5DC
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
APIs
• lstrlenW.KERNEL32(?,007E5222), ref: 0080DBCE
• GetFileAttributesW.KERNEL32(?), ref: 0080DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 0080DBEE
• FindClose.KERNEL32(00000000), ref: 0080DBFA
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6857530b04a5ee5df3479de6eb7a5f80c77c578c64f5cf8bfee76aa926147267
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f34dbdc3f05d28001ab55f118a6cafed31242038c393d7cfa987bd0d14f7344a
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6857530b04a5ee5df3479de6eb7a5f80c77c578c64f5cf8bfee76aa926147267
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAF0A031810A2457D2206BB8AC0D8AB3B6CFF81334B104B02F836D22E0EBB059548A95
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                                          • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: efebc8781675ca5988d9a77d0355ab2d1494334d1a0412b9fe5ecdbe1a5e931b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ba939ab3ad80b9e74fb52ed8dd12827751161193ebe39bca16ee921fc8b9bcce
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: efebc8781675ca5988d9a77d0355ab2d1494334d1a0412b9fe5ecdbe1a5e931b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6D012A180810CE9CB6097E0CD499FAB37DFB08301F508452FA06E1240E62CCD0867A1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(007D28E9,?,007C4CBE,007D28E9,008688B8,0000000C,007C4E15,007D28E9,00000002,00000000,?,007D28E9), ref: 007C4D09
                                                                                                                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,007C4CBE,007D28E9,008688B8,0000000C,007C4E15,007D28E9,00000002,00000000,?,007D28E9), ref: 007C4D10
                                                                                                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 007C4D22
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 99e30aa919752c1015d11a69ff1d25e04bec706d3d3a492d10b7a8e31d29a99f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 70cc0171f710b2477058648a40ef019510c405bc39dfbae56c431a13d1e0d505
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99e30aa919752c1015d11a69ff1d25e04bec706d3d3a492d10b7a8e31d29a99f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97E0B631100548ABCF11BF64DD1AF983B79FB81791B10481CFD06AA222CB39DD52DB80
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetUserNameW.ADVAPI32(?,?), ref: 007FD28C
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: 2c4415622d03051763afb761f08cd3172213c86c0548e509dc1c3b7f8de6e3c5
• Instruction ID: 7b8e7a03cfa566ad35328f5b913ee24bbb4c34e6fa682b643fe29df30a22af0d
• Opcode Fuzzy Hash: 2c4415622d03051763afb761f08cd3172213c86c0548e509dc1c3b7f8de6e3c5
• Instruction Fuzzy Hash: DAD0C9B480111DEACBA4DB90DC88DD9B37CBB14315F100551F106A2100D77499488F10

Control-flow Graph

APIs
• _wcslen.LIBCMT ref: 0082B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0082B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0082B1D4
• _wcslen.LIBCMT ref: 0082B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0082B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0082B236
• _wcslen.LIBCMT ref: 0082B332
  • Part of subcall function 008105A7: GetStdHandle.KERNEL32(000000F6), ref: 008105C6
• _wcslen.LIBCMT ref: 0082B34B
• _wcslen.LIBCMT ref: 0082B366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0082B3B6
• GetLastError.KERNEL32(00000000), ref: 0082B407
• CloseHandle.KERNEL32(?), ref: 0082B439
• CloseHandle.KERNEL32(00000000), ref: 0082B44A
• CloseHandle.KERNEL32(00000000), ref: 0082B45C
• CloseHandle.KERNEL32(00000000), ref: 0082B46E
• CloseHandle.KERNEL32(?), ref: 0082B4E3
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 1dd0e73ba6c38402373193cf47258e9641a66e10ca08ea110276a36594d7996b
• Instruction ID: 367603ae3934709bc1d6413a22482f4de980bdb3cdc50e27ecf8bc494999659f
• Opcode Fuzzy Hash: 1dd0e73ba6c38402373193cf47258e9641a66e10ca08ea110276a36594d7996b
• Instruction Fuzzy Hash: B7F18731609210DFC714EF24D895B6ABBE5FF85314F18895DF8999B2A2CB34EC80CB52
APIs
• GetInputState.USER32 ref: 007AD807
• timeGetTime.WINMM ref: 007ADA07
• Sleep.KERNEL32(0000000A), ref: 007ADBB1
• Sleep.KERNEL32(0000000A), ref: 007F2B76
• GetExitCodeProcess.KERNEL32(?,?), ref: 007F2C11
• WaitForSingleObject.KERNEL32(?,00000000), ref: 007F2C29
• CloseHandle.KERNEL32(?), ref: 007F2C3D
• Sleep.KERNEL32(?,CCCCCCCC,00000000), ref: 007F2CA9
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Sleep$CloseCodeExitHandleInputObjectProcessSingleStateTimeWaittime
• String ID:
• API String ID: 388478766-0
• Opcode ID: a260575c939958a66ce3a0ffd3bba50684dcf9eb5721bab14e5cc5d25100aba7
• Instruction ID: ce5ec376968f38842c59c8cb7f07468cf8ba2cf2f766302c6caf62d83bb6f588
• Opcode Fuzzy Hash: a260575c939958a66ce3a0ffd3bba50684dcf9eb5721bab14e5cc5d25100aba7
• Instruction Fuzzy Hash: 1842DF70604245DFD738CF24C848BBAB7A0FF86304F548619E996877A2D778EC85CB92

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 007A2D07
• RegisterClassExW.USER32(00000030), ref: 007A2D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007A2D42
• InitCommonControlsEx.COMCTL32(?), ref: 007A2D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007A2D6F
• LoadIconW.USER32(000000A9), ref: 007A2D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007A2D94
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: 1313dd30678654e194ebf0abd29a133b7096a252d521df7d25595cc9fb3d4b66
• Instruction ID: 4cf6e2020e8f1ff21bc31e595d513d7d264715d287244a64a4389924d86d3574
• Opcode Fuzzy Hash: 1313dd30678654e194ebf0abd29a133b7096a252d521df7d25595cc9fb3d4b66
• Instruction Fuzzy Hash: 5E21E4B5911218AFDF00DFA8E84DBDDBFB4FB48700F00851AEA15B62A0D7B585848F90

Control-flow Graph

APIs
  • Part of subcall function 007E039A: CreateFileW.KERNEL32(00000000,00000000,?,007E0704,?,?,00000000,?,007E0704,00000000,0000000C), ref: 007E03B7
• GetLastError.KERNEL32 ref: 007E076F
• __dosmaperr.LIBCMT ref: 007E0776
• GetFileType.KERNEL32(00000000), ref: 007E0782
• GetLastError.KERNEL32 ref: 007E078C
• __dosmaperr.LIBCMT ref: 007E0795
• CloseHandle.KERNEL32(00000000), ref: 007E07B5
• CloseHandle.KERNEL32(?), ref: 007E08FF
• GetLastError.KERNEL32 ref: 007E0931
• __dosmaperr.LIBCMT ref: 007E0938
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 10f4f6682c5a83e4fd3ec2a171f54e217f8557ca2430e8287d6d7bc7bc5b4cd9
• Instruction ID: ef9a950528bf7398866e75d33785a739a6eb94ad8349962438ee2b24f39bf60e
• Opcode Fuzzy Hash: 10f4f6682c5a83e4fd3ec2a171f54e217f8557ca2430e8287d6d7bc7bc5b4cd9
• Instruction Fuzzy Hash: 1DA14732A011848FDF19AF68D855BAD3BB0AB4A320F14015DF815EF3E1CB799C92CB91

Control-flow Graph

APIs
  • Part of subcall function 007A3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00871418,?,007A2E7F,?,?,?,00000000), ref: 007A3A78
  • Part of subcall function 007A3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007A3379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 007A356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 007E318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007E31CE
• RegCloseKey.ADVAPI32(?), ref: 007E3210
• _wcslen.LIBCMT ref: 007E3277
• _wcslen.LIBCMT ref: 007E3286
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                                                                                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 820aefdc4ec402c196e538ea36aa3fc83d97e061f555b54b0c7d0f55b7f36524
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1fcf6d7d6260f42317392ca566ea60bde1c193c7480b6318ada29de43f498f71
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 820aefdc4ec402c196e538ea36aa3fc83d97e061f555b54b0c7d0f55b7f36524
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99718E714053009EC304EF65DC8996BBBE8FF99340F40492EF589972B4DB78DA88CB62

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 007A2B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 007A2B9D
• LoadIconW.USER32(00000063), ref: 007A2BB3
• LoadIconW.USER32(000000A4), ref: 007A2BC5
• LoadIconW.USER32(000000A2), ref: 007A2BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007A2BEF
• RegisterClassExW.USER32(?), ref: 007A2C40
  • Part of subcall function 007A2CD4: GetSysColorBrush.USER32(0000000F), ref: 007A2D07
  • Part of subcall function 007A2CD4: RegisterClassExW.USER32(00000030), ref: 007A2D31
  • Part of subcall function 007A2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007A2D42
  • Part of subcall function 007A2CD4: InitCommonControlsEx.COMCTL32(?), ref: 007A2D5F
  • Part of subcall function 007A2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007A2D6F
  • Part of subcall function 007A2CD4: LoadIconW.USER32(000000A9), ref: 007A2D85
  • Part of subcall function 007A2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007A2D94
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: cca03fc17e1fc3ff252de6c2536e5e3b2b79ca873a3d301791ff5301ae1c16ab
• Instruction ID: 9bc57bbed030622186f432b1e1cd4f0b709d1b7c9b10e69d6b6d20eac24df3b6
• Opcode Fuzzy Hash: cca03fc17e1fc3ff252de6c2536e5e3b2b79ca873a3d301791ff5301ae1c16ab
• Instruction Fuzzy Hash: 40211A75E00318ABDF10DFA9EC5DB997FB4FB48B50F00441AE508A6BA4D7B98584CF90
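The two function entries above are the AutoIt v3 runtime locating its Include directory through the registry key Software\AutoIt v3\AutoIt and registering its window class, which is why the report flags the sample as a compiled AutoIt script. The following triage check is an added example written for this page, not code from Joe Sandbox or from the AutoIt project: it searches a file image for the two marker strings the report attributes to these functions, in both ASCII and UTF-16LE, because the runtime calls the wide (W) Win32 APIs and stores these strings as wide characters, so a plain ASCII grep misses them. The sample buffers are constructed for the example; a hit only identifies the AutoIt runtime, which is legitimate software, not malicious intent.

```python
# Marker strings the sandbox report attributes to the AutoIt v3 runtime:
# the registry path it queries for its Include directory and its window
# class name. Order matters only for reporting.
AUTOIT_MARKERS = (
    "Software\\AutoIt v3\\AutoIt",
    "AutoIt v3",
)


def encodings_of(marker: str) -> dict:
    """Byte patterns for a marker as a narrow (ASCII) and a wide (UTF-16LE) string."""
    return {
        "ascii": marker.encode("ascii"),
        "utf16le": marker.encode("utf-16-le"),
    }


def find_autoit_markers(blob: bytes) -> list:
    """Return (marker, encoding, offset) for every occurrence in blob, by offset."""
    hits = []
    for marker in AUTOIT_MARKERS:
        for enc, pattern in encodings_of(marker).items():
            start = 0
            while True:
                idx = blob.find(pattern, start)
                if idx < 0:
                    break
                hits.append((marker, enc, idx))
                start = idx + 1  # overlapping search, e.g. the class name inside the registry path
    return sorted(hits, key=lambda h: h[2])


def looks_like_autoit(blob: bytes) -> bool:
    """Triage verdict: every marker is present in at least one encoding."""
    found = {marker for marker, _, _ in find_autoit_markers(blob)}
    return all(marker in found for marker in AUTOIT_MARKERS)


# Constructed sample (not a real binary): null padding around UTF-16LE copies of
# both markers, mimicking the read-only data the report's string entries come from.
SAMPLE_WIDE = (
    b"\x00" * 16
    + "Software\\AutoIt v3\\AutoIt".encode("utf-16-le") + b"\x00\x00"
    + b"\\Include\\".ljust(32, b"\x00")
    + "AutoIt v3".encode("utf-16-le") + b"\x00\x00"
)

# Constructed sample: only the class name, as a narrow string, no registry path.
SAMPLE_ASCII_ONLY = b"xx AutoIt v3 xx"


if __name__ == "__main__":
    for marker, enc, off in find_autoit_markers(SAMPLE_WIDE):
        print(f"{marker!r:32} {enc:8} @ 0x{off:04x}")
    print("wide sample looks like AutoIt:", looks_like_autoit(SAMPLE_WIDE))
    print("ascii-only sample looks like AutoIt:", looks_like_autoit(SAMPLE_ASCII_ONLY))
```

Run it on a real file with `looks_like_autoit(open(path, "rb").read())`. Because the class name is a substring of the registry path, the wide sample yields three hits; requiring both markers rather than one keeps a stray "AutoIt v3" string in an unrelated binary from tripping the check.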

Control-flow Graph (function entered at block 609, 007A3170; the rendered graph and its executed/not-executed colouring are not reproduced here. Basic blocks with the API and subfunction calls the sandbox attributes to them, followed by their successors:)

609 7a3170-7a3185 -> 610, 611
610 7a3187-7a318a -> 613, 614
611 7a31e5-7a31e7 -> 610, 612
612 7a31e9 -> 615
613 7a31eb -> 616, 617
614 7a318c-7a3193 -> 618, 619
615 7a31d0-7a31d8 DefWindowProcW -> 626
616 7e2dfb-7e2e23 call 7a18e2, call 7be499 -> 655
617 7a31f1-7a31f6 -> 621, 622
618 7a3199-7a319e -> 624, 625
619 7a3265-7a326d PostQuitMessage -> 620
620 7a3219-7a321b -> 626
621 7a31f8-7a31fb -> 627, 628
622 7a321d-7a3244 SetTimer, RegisterWindowMessageW -> 620, 630
624 7e2e7c-7e2e90 call 80bf30 -> 620, 650
625 7a31a4-7a31a8 -> 631, 632
626 7a31de-7a31e4 (no successor)
627 7e2d9c-7e2d9f -> 634, 635
628 7a3201-7a320f KillTimer, call 7a30f2 -> 645
630 7a3246-7a3251 CreatePopupMenu -> 620
631 7a31ae-7a31b3 -> 639, 640
632 7e2e68-7e2e72 call 80c161 -> 646
634 7e2dd7-7e2df6 MoveWindow -> 620
635 7e2da1-7e2da5 -> 642, 643
639 7e2e4d-7e2e54 -> 615, 644
640 7a31b9-7a31be -> 648, 649
642 7e2dc6-7e2dd2 SetFocus -> 620
643 7e2da7-7e2daa -> 649, 651
644 7e2e5a-7e2e63 call 800ad7 -> 615
645 7a3214 call 7a3c50 -> 620
646 7e2e77 -> 620
648 7a3253-7a3263 call 7a326f -> 620
649 7a31c4-7a31ca -> 615, 655
650 7e2e96 -> 615
651 7e2db0-7e2dc1 call 7a18e2 -> 620
655 7e2e28-7e2e2f -> 615, 659
659 7e2e35-7e2e48 call 7a30f2, call 7a3837 -> 615
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,007A316A,?,?), ref: 007A31D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,007A316A,?,?), ref: 007A3204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007A3227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,007A316A,?,?), ref: 007A3232
• CreatePopupMenu.USER32 ref: 007A3246
• PostQuitMessage.USER32(00000000), ref: 007A3267
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: d05d1d23b6af6140a5313bb48d60b118a65429a8f8e3184bee5a95194935bcc7
• Instruction ID: 58e71f377386badfd09fb8cfb0293fec2d8efe5f7fadb72fd73c75f406eed1de
• Opcode Fuzzy Hash: d05d1d23b6af6140a5313bb48d60b118a65429a8f8e3184bee5a95194935bcc7
• Instruction Fuzzy Hash: 1A41DF31240208AADF145F7CDC4EB793A59FBC7340F044725FA0AD66E6CB6DCA8197A2

                                                                                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                                                                                                          control_flow_graph 665 7a1410-7a1449 666 7a144f-7a1465 mciSendStringW 665->666 667 7e24b8-7e24b9 DestroyWindow 665->667 668 7a146b-7a1473 666->668 669 7a16c6-7a16d3 666->669 672 7e24c4-7e24d1 667->672 668->672 673 7a1479-7a1488 call 7a182e 668->673 670 7a16f8-7a16ff 669->670 671 7a16d5-7a16f0 UnregisterHotKey 669->671 670->668 675 7a1705 670->675 671->670 674 7a16f2-7a16f3 call 7a10d0 671->674 676 7e24d3-7e24d6 672->676 677 7e2500-7e2507 672->677 684 7e250e-7e251a 673->684 685 7a148e-7a1496 673->685 674->670 675->669 682 7e24d8-7e24e0 call 7a6246 676->682 683 7e24e2-7e24e5 FindClose 676->683 677->672 681 7e2509 677->681 681->684 686 7e24eb-7e24f8 682->686 683->686 691 7e251c-7e251e FreeLibrary 684->691 692 7e2524-7e252b 684->692 688 7a149c-7a14c1 call 7acfa0 685->688 689 7e2532-7e253f 685->689 686->677 690 7e24fa-7e24fb call 8132b1 686->690 702 7a14f8-7a1503 CoUninitialize 688->702 703 7a14c3 688->703 697 7e2566-7e256d 689->697 698 7e2541-7e255e VirtualFree 689->698 690->677 691->692 692->684 696 7e252d 692->696 696->689 697->689 699 7e256f 697->699 698->697 701 7e2560-7e2561 call 813317 698->701 705 7e2574-7e2578 699->705 701->697 702->705 707 7a1509-7a150e 702->707 706 7a14c6-7a14f6 call 7a1a05 call 7a19ae 703->706 705->707 708 7e257e-7e2584 705->708 706->702 710 7e2589-7e2596 call 8132eb 707->710 711 7a1514-7a151e 707->711 708->707 724 7e2598 710->724 714 7a1707-7a1714 call 7bf80e 711->714 715 7a1524-7a152f call 7a988f 711->715 714->715 726 7a171a 714->726 725 7a1535 call 7a1944 715->725 728 7e259d-7e25bf call 7bfdcd 724->728 727 7a153a-7a15a5 call 7a17d5 call 7bfe14 call 7a177c call 7a988f call 7acfa0 call 
7a17fe call 7bfe14 725->727 726->714 727->728 754 7a15ab-7a15cf call 7bfe14 727->754 734 7e25c1 728->734 736 7e25c6-7e25e8 call 7bfdcd 734->736 742 7e25ea 736->742 745 7e25ef-7e2611 call 7bfdcd 742->745 751 7e2613 745->751 755 7e2618-7e2625 call 8064d4 751->755 754->736 760 7a15d5-7a15f9 call 7bfe14 754->760 761 7e2627 755->761 760->745 766 7a15ff-7a1619 call 7bfe14 760->766 763 7e262c-7e2639 call 7bac64 761->763 769 7e263b 763->769 766->755 771 7a161f-7a1643 call 7a17d5 call 7bfe14 766->771 772 7e2640-7e264d call 813245 769->772 771->763 780 7a1649-7a1651 771->780 778 7e264f 772->778 782 7e2654-7e2661 call 8132cc 778->782 780->772 781 7a1657-7a1668 call 7a988f call 7a190a 780->781 789 7a166d-7a1675 781->789 788 7e2663 782->788 791 7e2668-7e2675 call 8132cc 788->791 789->782 790 7a167b-7a1689 789->790 790->791 793 7a168f-7a16c5 call 7a988f * 3 call 7a1876 790->793 796 7e2677 791->796 796->796
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 007A1459
                                                                                                                                                                                                                                                                                                                                                                          • CoUninitialize.COMBASE ref: 007A14F8
                                                                                                                                                                                                                                                                                                                                                                          • UnregisterHotKey.USER32(?), ref: 007A16DD
                                                                                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 007E24B9
                                                                                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 007E251E
                                                                                                                                                                                                                                                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 007E254B
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID: close all
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: aed180106cb4f33d166b63033964ac48ff218a0b7df85982b6e327f316b3be4f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a6c97debb1b1a10bcaba1b18c94c17bb1e24d1d7c35a114d4aabad720077208f
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aed180106cb4f33d166b63033964ac48ff218a0b7df85982b6e327f316b3be4f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FD1A131702252CFDB19EF15C999B29F7A4BF4A700F54429DE44AAB252DB38ED22CF50

Control-flow Graph

control_flow_graph 804 80de27-80de4a WSAStartup 805 80de50-80de71 gethostname gethostbyname 804->805 806 80dee6-80def2 call 7c4983 804->806 805->806 807 80de73-80de7a 805->807 812 80def3-80def6 806->812 809 80de83-80de85 807->809 810 80de7c-80de81 807->810 813 80de96-80dedb call 7c0e20 inet_ntoa call 7cd5f0 call 80ebd1 call 7c4983 call 7bfe14 809->813 814 80de87-80de94 call 7c4983 809->814 810->809 810->810 819 80dede-80dee4 WSACleanup 813->819 814->819 819->812
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: e2f3dde76dccdf2f3b95fe9cb95f77c11431a9e391bd3107f6cd5997de3e0eae
• Instruction ID: 8c0c1620cf92d824db66bfca412f91bc59b7802ca3273c3f18d13a5f6ba53cb6
• Opcode Fuzzy Hash: e2f3dde76dccdf2f3b95fe9cb95f77c11431a9e391bd3107f6cd5997de3e0eae
• Instruction Fuzzy Hash: 5411E472904218ABCB60ABA4DC0AEEE77ACFF51711F00056DF445EA0D1EF759A818BA0

Control-flow Graph

control_flow_graph 838 7a2c63-7a2cd3 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007A2C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007A2CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,007A1CAD,?), ref: 007A2CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,007A1CAD,?), ref: 007A2CCF
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                                          • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a5e88b4bf0d765004a4f0fc0b6a05004d3d0a2ca0062867c534a8f900f88d185
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0a478c22144d1610315ffed1fb26514299a190bf893298e57f81ad79972af18b
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a5e88b4bf0d765004a4f0fc0b6a05004d3d0a2ca0062867c534a8f900f88d185
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41F03A755403907AEB30072BAC4DF773EBDF7C6F50F01005AF908A2AA4C2694880DBB0

Control-flow Graph (nodes listed as id address-range [API called in the block]; edges as from->to)
• Nodes: 989 7a3b1c-7a3b27; 990 7a3b99-7a3b9b; 991 7a3b29-7a3b2e; 992 7a3b30-7a3b48 RegOpenKeyExW; 993 7a3b8c-7a3b8f; 994 7a3b4a-7a3b69 RegQueryValueExW; 995 7a3b6b-7a3b76; 996 7a3b80-7a3b8b RegCloseKey; 997 7a3b78-7a3b7a; 998 7a3b90-7a3b97; 999 7a3b7e
• Edges: 989->990, 989->991, 990->993, 991->990, 991->992, 992->990, 992->994, 994->995, 994->996, 995->997, 995->998, 996->993, 997->999, 998->999, 999->996
APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,007A3B0F,SwapMouseButtons,00000004,?), ref: 007A3B40
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,007A3B0F,SwapMouseButtons,00000004,?), ref: 007A3B61
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,007A3B0F,SwapMouseButtons,00000004,?), ref: 007A3B83
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 44ae6768991cf695ed6710e2e70f090124195ef69c55d3f721bc53da0ba081ca
• Instruction ID: 8de3168e9115777d534177d8bec1541f3b2827c896315dc205d5983cc66e996a
• Opcode Fuzzy Hash: 44ae6768991cf695ed6710e2e70f090124195ef69c55d3f721bc53da0ba081ca
• Instruction Fuzzy Hash: 2C112AB5511208FFDB208FA5DC85AAEB7B9EF85745B104959B805E7110E3359E409B60

Control-flow Graph (nodes listed as id address-range [API called in the block]; edges as from->to)
• Nodes: 1000 7fd3a0-7fd3a9; 1001 7fd3ab-7fd3b7; 1002 7fd376-7fd37b; 1003 7fd292-7fd2a8; 1004 7fd3c9; 1005 7fd3b9-7fd3c7 GetProcAddress; 1006 7fd3ce-7fd3de; 1009 7fd2a9; 1010 7fd3e4-7fd3eb FreeLibrary
• Edges: 1000->1001, 1000->1002, 1001->1004, 1001->1005, 1002->1003, 1003->1009, 1004->1006, 1005->1004, 1005->1006, 1006->1003, 1006->1010, 1009->1009, 1010->1003
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 007FD3BF
• FreeLibrary.KERNEL32 ref: 007FD3E5
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
• Opcode ID: 17605521fdf91300856827d1a03d4bd296c5eca26c493d2da34d31f5d6433652
• Instruction ID: 6bbbedeb07ed34b0fb6d8f916e8fb3bbbb1bb1113ef0bf1f443049c73224db48
• Opcode Fuzzy Hash: 17605521fdf91300856827d1a03d4bd296c5eca26c493d2da34d31f5d6433652
• Instruction Fuzzy Hash: DDF05572805A29DBE77112108C04A7E3312FF12B20F558654E312F2398E76CCC44A7C3
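The two function entries above (the registry reader at 007A3B40/61/83 and the loader check at 007FD3BF/E5) are easier to read once the Joe Sandbox argument dump is decoded: 80000001 is the predefined handle HKEY_CURRENT_USER and 00000001 is KEY_QUERY_VALUE, so the first function opens HKCU\Control Panel\Mouse read-only, and the SwapMouseButtons string that recurs in the dumped stack slots comes from the caller at 007A3B0F rather than from the captured lpValueName (which the sandbox recorded as 00000000). The second function resolves GetSystemWow64DirectoryW by name, which together with the X64 string reads as a 64-bit-Windows probe, although the report itself does not say so. The script below is an added example, not code from the report or from Joe Sandbox; it parses API lines of this exact textual shape into records, names the hive and access rights, and pairs each RegOpenKeyExW with the value names visible during the following RegQueryValueExW calls. The documented parameter counts, the "8 hex digits means a DWORD, anything else means a resolved string" rule, and treating extra arguments as stack residue are my assumptions; the sample lines are copied from the entries above (the backslash in Control Panel\Mouse is doubled only because of Python string syntax).

```python
"""Decode Joe Sandbox 'APIs' trace lines (hex arguments, '?' for values the
sandbox did not capture, 'ref:' call-site address) into structured records."""
import re

# Copied from the two function entries above; not constructed data.
SAMPLE_API_LINES = [
    "RegOpenKeyExW.KERNEL32(80000001,Control Panel\\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,007A3B0F,SwapMouseButtons,00000004,?), ref: 007A3B40",
    "RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,007A3B0F,SwapMouseButtons,00000004,?), ref: 007A3B61",
    "RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,007A3B0F,SwapMouseButtons,00000004,?), ref: 007A3B83",
    "GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 007FD3BF",
    "FreeLibrary.KERNEL32 ref: 007FD3E5",
]

# Predefined hive handles and access-right bits from winreg.h.
HIVES = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
         0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS",
         0x80000005: "HKEY_CURRENT_CONFIG"}
KEY_RIGHTS = {0x0001: "KEY_QUERY_VALUE", 0x0002: "KEY_SET_VALUE",
              0x0004: "KEY_CREATE_SUB_KEY", 0x0008: "KEY_ENUMERATE_SUB_KEYS",
              0x0010: "KEY_NOTIFY", 0x0020: "KEY_CREATE_LINK",
              0x0100: "KEY_WOW64_64KEY", 0x0200: "KEY_WOW64_32KEY"}
# Documented parameter counts (assumption: everything the sandbox prints after
# them is stack residue belonging to the caller, not an argument).
PARAM_COUNT = {"RegOpenKeyExW": 5, "RegQueryValueExW": 6, "RegCloseKey": 1,
               "GetProcAddress": 2, "FreeLibrary": 1}

LINE_RE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\),)? ref: (?P<ref>[0-9A-Fa-f]+)$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def decode_access(mask):
    """Expand a samDesired mask into right names; bits outside KEY_* (for example
    the STANDARD_RIGHTS part of KEY_READ) are kept as a hex remainder."""
    names = [name for bit, name in KEY_RIGHTS.items() if mask & bit]
    rest = mask & ~sum(KEY_RIGHTS)
    if rest:
        names.append(hex(rest))
    return names


def parse_api_line(line):
    """Turn one 'Api.MODULE(args), ref: addr' line into a dict."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a Joe Sandbox API line: %r" % line)
    raw = m.group("args").split(",") if m.group("args") is not None else []
    # Heuristic: an 8-hex-digit token is a DWORD, '?' is uncaptured, anything
    # else is a string the sandbox resolved from a pointer argument.
    args = [int(a, 16) if HEX_RE.match(a) else (None if a == "?" else a) for a in raw]
    api = m.group("api")
    n = PARAM_COUNT.get(api, len(args))
    rec = {"api": api, "module": m.group("module"), "ref": int(m.group("ref"), 16),
           "params": args[:n],
           "stack_strings": [a for a in args[n:] if isinstance(a, str)]}
    if api == "RegOpenKeyExW" and len(args) >= 4:
        hkey = args[0]
        rec["hive"] = HIVES.get(hkey, hex(hkey) if isinstance(hkey, int) else "?")
        rec["subkey"] = args[1]
        rec["access"] = decode_access(args[3]) if isinstance(args[3], int) else []
    elif api == "GetProcAddress" and len(args) >= 2:
        rec["proc_name"] = args[1]
    return rec


def registry_reads(lines):
    """Pair each RegOpenKeyExW with the value names seen while the key is open.
    If lpValueName was not captured (NULL/'?'), fall back to strings the sandbox
    dumped from the caller's stack frame."""
    reads, current = [], None
    for rec in map(parse_api_line, lines):
        if rec["api"] == "RegOpenKeyExW":
            current = {"hive": rec["hive"], "subkey": rec["subkey"],
                       "access": rec["access"], "value_hints": []}
        elif rec["api"] == "RegQueryValueExW" and current is not None:
            name = rec["params"][1] if isinstance(rec["params"][1], str) else None
            hints = [name] if name else rec["stack_strings"]
            current["value_hints"].extend(h for h in hints if h not in current["value_hints"])
        elif rec["api"] == "RegCloseKey" and current is not None:
            reads.append(current)
            current = None
    if current is not None:  # key never closed: still report it
        reads.append(current)
    return reads


if __name__ == "__main__":
    for read in registry_reads(SAMPLE_API_LINES):
        print(read)
    print(parse_api_line(SAMPLE_API_LINES[3])["proc_name"])
```

Run on the five lines above this yields one registry read of HKEY_CURRENT_USER\Control Panel\Mouse with KEY_QUERY_VALUE access and SwapMouseButtons as the only value hint, plus the GetSystemWow64DirectoryW lookup; feeding it the whole APIs section of a report gives a quick list of which keys a sample only reads versus which it opens for writing.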
Strings
• Variable must be of type 'Object'., xrefs: 007F32B7
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID: Variable must be of type 'Object'.
• API String ID: 0-109567571
• Opcode ID: 5b039c3fcf0fa2a62eaf51ad9dbeb3d1dd588afbb42780787373a794948042d4
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8edee0c301eca6f0e5aa1bab4cb13844ddd48524c9f7d15154ad3b4e9aa7bdfb
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b039c3fcf0fa2a62eaf51ad9dbeb3d1dd588afbb42780787373a794948042d4
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63C29E71E00215CFCB24CF58C884AADB7B1FF9A310F248669E955AB391D379ED81CB91
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 007AFE66
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6d1681c94a15f77a50dd3c7442957c38e7a95f9c0ce23a7b384234b285a380da
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a2be227e720a084a78d9858cfd852b94e3c6e190b5d7c317c4b3b020933e1f1e
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d1681c94a15f77a50dd3c7442957c38e7a95f9c0ce23a7b384234b285a380da
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FB27A74608340CFDB24CF58C494A2AB7E1FBDA314F248A6DE9998B351D779EC41CB92
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007E33A2
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
                                                                                                                                                                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,?), ref: 007A3A04
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c1a8511fd624ed321f88b725f43ca05dec4b23216a4a0617b8af05e5ad401033
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 63483a0d7953cc652bc5fe816662420e6658dce226cdd2903b798349dd78cf4f
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1a8511fd624ed321f88b725f43ca05dec4b23216a4a0617b8af05e5ad401033
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6331C471408300AAC721EF24DC4EFDBB7D8AB86714F004A1EF59993591DB7C9649C7D2
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 007C0668
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007C32A4: RaiseException.KERNEL32(?,?,?,007C068A,?,00871444,?,?,?,?,?,?,007C068A,007A1129,00868738,007A1129), ref: 007C3304
                                                                                                                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 007C0685
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                          • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f3063c66005acc671abc4f6ee1c2bb7ea7de96f51cb5d1f5314b572d62e8ed69
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 155c6f793082377fe920aaf2b2a2325066cc5d57043fb23287d719ebea5d31a0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3063c66005acc671abc4f6ee1c2bb7ea7de96f51cb5d1f5314b572d62e8ed69
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAF0C23490020DF78F04BAA4EC5EF9E7B6CAE40710B60853DF928D6592EF79DA25C6C0
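Added example, not part of the Joe Sandbox report: a small Python parser for the "APIs" reference lines these function entries use (`Name.MODULE(args), ref: addr` and the indented `Part of subcall function ...:` form). It turns each line into a structured record and decodes the first argument of `MapVirtualKeyW` (the `uCode` parameter) into its winuser.h virtual-key name, so that the six lookups this report lists (0x5B, 0x10, 0xA0, 0xA1, 0x11, 0x12) read as LWIN, SHIFT, LSHIFT, RSHIFT, CONTROL and MENU (Alt). A routine that queries exactly the modifier keys before synthesising keystrokes is what that sequence looks like to me; that reading is the editor's, not the report's verdict. The sample input is copied from entries in this section; the line format assumed by the regular expression is the one visible on this page and may differ in other report versions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: API reference lines copied from function entries in this
# report, with the leading whitespace the extraction left on them.
SAMPLE_ENTRY = """
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007E33A2
  • Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 007A3A04
• __CxxThrowException@8.LIBVCRUNTIME ref: 007C0668
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007A1BF4
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 007A1BFC
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007A1C07
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007A1C12
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 007A1C1A
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 007A1C22
  • Part of subcall function 007A1B4A: RegisterWindowMessageW.USER32(00000004,?,007A12C4), ref: 007A1BA2
"""

# winuser.h virtual-key constants for the uCode values seen in this report.
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}

# One report line. The "Part of subcall function" prefix, the argument list and
# the comma before "ref:" are all optional in the lines on this page.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<subcall>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][\w@]*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)


@dataclass
class ApiRef:
    api: str
    module: str
    args: List[Optional[int]]   # None where the report shows '?' (unresolved)
    ref: int                    # address of the call site
    subcall: Optional[int]      # callee that contains the call, if not the function itself


def parse_api_refs(text: str) -> List[ApiRef]:
    """Parse the 'APIs' lines of a function entry; lines that do not match are skipped."""
    refs: List[ApiRef] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if raw is None else [
            None if a.strip() == "?" else int(a, 16) for a in raw.split(",")
        ]
        sub = m.group("subcall")
        refs.append(ApiRef(m.group("api"), m.group("module"), args,
                           int(m.group("ref"), 16), int(sub, 16) if sub else None))
    return refs


def describe_vk(code: Optional[int]) -> str:
    """Name a virtual-key code; unknown or unresolved values are shown raw."""
    if code is None:
        return "?"
    return VK_NAMES.get(code, f"0x{code:02X}")


def mapped_virtual_keys(refs: List[ApiRef]) -> List[str]:
    """Virtual keys passed as uCode to MapVirtualKeyW, in call order."""
    return [describe_vk(r.args[0]) for r in refs if r.api == "MapVirtualKeyW" and r.args]


def summarize(refs: List[ApiRef]) -> Dict[str, List[str]]:
    """Distinct imported API names grouped by module, for quick triage."""
    by_module: Dict[str, set] = {}
    for r in refs:
        by_module.setdefault(r.module, set()).add(r.api)
    return {m: sorted(a) for m, a in sorted(by_module.items())}


if __name__ == "__main__":
    parsed = parse_api_refs(SAMPLE_ENTRY)
    for r in parsed:
        where = f"in subcall {r.subcall:08X}" if r.subcall is not None else "direct"
        print(f"{r.ref:08X}  {r.module}!{r.api}  {where}")
    print("MapVirtualKeyW queries:", mapped_virtual_keys(parsed))
    print("By module:", summarize(parsed))
```

The parser keeps the `ref` address and the containing subcall separately, so the same call site reported under several parent functions can be deduplicated by address rather than counted once per entry.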
APIs
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007A1BF4
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 007A1BFC
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007A1C07
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007A1C12
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 007A1C1A
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 007A1C22
  • Part of subcall function 007A1B4A: RegisterWindowMessageW.USER32(00000004,?,007A12C4), ref: 007A1BA2
                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 007A136A
                                                                                                                                                                                                                                                                                                                                                                          • OleInitialize.OLE32 ref: 007A1388
                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000), ref: 007E24AB
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d751ea64554f5574ff9e5bb16bc8b5ab8cfa94e7fa70834f2e4102c1389b4832
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ac51da005989f5b4e9238843cbba517f3c1cccedc517a6fa6139127d21a18c76
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d751ea64554f5574ff9e5bb16bc8b5ab8cfa94e7fa70834f2e4102c1389b4832
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E071CEB49212008ECF88DFBDAC4E6553AE5FBC9344758822AD51ED7A69EB34C4C4CF46
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 007A3A04
                                                                                                                                                                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0080C259
                                                                                                                                                                                                                                                                                                                                                                          • KillTimer.USER32(?,00000001,?,?), ref: 0080C261
                                                                                                                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0080C270
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b13cce6813b308b7293ef8edc439e873dc072742d032510058085f737186a67b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b9787f0a6d388afef9416b9082e431ae21328b9180ab9252d9f2592c46c80a30
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b13cce6813b308b7293ef8edc439e873dc072742d032510058085f737186a67b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45318470904344AFEB629F648C59BEBBBECFB46308F00049EE59AA7281C7745A85CB51
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,?,007D85CC,?,00868CC8,0000000C), ref: 007D8704
                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,007D85CC,?,00868CC8,0000000C), ref: 007D870E
                                                                                                                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 007D8739
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b83e66092f4a0560106ab4d750e3152aaf83c178a3e6a66076526bb46dd1df6c
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c81c6fb5478d131bc8bc1a6a42994fbe614c64269f38ab79f63566ce886ec2b8
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b83e66092f4a0560106ab4d750e3152aaf83c178a3e6a66076526bb46dd1df6c
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6801B13360526067D6A46734684DB7E6B799B81778F39011FF8089B3D3DEBCCC818252
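The API bullets above are only useful to an analyst once the constant arguments are decoded: the six MapVirtualKeyW calls in subcall 007A1BC3 resolve 0x5B, 0x10, 0xA0, 0xA1, 0x11 and 0x12, which are VK_LWIN, VK_SHIFT, VK_LSHIFT, VK_RSHIFT, VK_CONTROL and VK_MENU (winuser.h), exactly the modifier set a keystroke-injection or key-state routine needs scan codes for, and the SetTimer call in the tray-icon block passes 0x2EE, a 750 ms interval. The following script is an added example, not part of the Joe Sandbox report; it parses the "APIs" sections of the two function blocks above (copied into the script as constructed sample input, leading whitespace trimmed) and decodes those constants. The virtual-key table covers only the codes seen on this page.

```python
"""Parse the per-function "APIs" bullets of a Joe Sandbox report and decode the
constant arguments that tell an analyst what a function is for (added example)."""
import re

# Constructed sample input: the APIs sections of two function blocks from this report.
SAMPLE = """\
APIs
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007A1BF4
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 007A1BFC
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007A1C07
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007A1C12
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 007A1C1A
  • Part of subcall function 007A1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 007A1C22
  • Part of subcall function 007A1B4A: RegisterWindowMessageW.USER32(00000004,?,007A12C4), ref: 007A1BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 007A136A
• OleInitialize.OLE32 ref: 007A1388
• CloseHandle.KERNEL32(00000000,00000000), ref: 007E24AB
APIs
  • Part of subcall function 007A3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 007A3A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0080C259
• KillTimer.USER32(?,00000001,?,?), ref: 0080C261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0080C270
"""

# One API bullet: optional "Part of subcall function XXXXXXXX:" prefix, then
# Name.MODULE, optional "(args)", then "ref: XXXXXXXX".
API_RE = re.compile(
    r"(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})"
)

# Windows virtual-key codes (winuser.h); only the values seen in this report.
VK_NAMES = {
    0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
    0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT",
}


def hex_arg(arg):
    """Joe Sandbox prints unresolved arguments as '?'; return None for those."""
    return None if arg in ("?", "") else int(arg, 16)


def parse_blocks(text):
    """Split report text at each 'APIs' header; return one list of calls per block."""
    blocks, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = []
            blocks.append(current)
            continue
        if current is None:
            continue
        m = API_RE.search(stripped)
        if not m:
            continue
        raw_args = m["args"]
        current.append({
            "name": m["name"],
            "module": m["module"],
            "args": [a.strip() for a in raw_args.split(",")] if raw_args is not None else [],
            "ref": m["ref"],
            "subcall": m["sub"],  # callee address when the call happens inside a subcall
        })
    return blocks


def decode_call(call):
    """Decode constant arguments whose meaning is fixed by the Win32 API contract."""
    name, args = call["name"], call["args"]
    if name == "MapVirtualKeyW" and args:
        code = hex_arg(args[0])  # uCode: the virtual-key code being mapped
        return f"vk 0x{code:02X} = {VK_NAMES.get(code, 'unknown')}" if code is not None else None
    if name == "SetTimer" and len(args) >= 3:
        interval = hex_arg(args[2])  # uElapse, in milliseconds
        return f"timer every {interval} ms" if interval is not None else None
    return None


def summarize_block(calls):
    """Per-function summary: distinct APIs, modules touched, decoded constants."""
    return {
        "apis": sorted({c["name"] for c in calls}),
        "modules": sorted({c["module"] for c in calls}),
        "direct_calls": sum(1 for c in calls if c["subcall"] is None),
        "notes": [n for n in (decode_call(c) for c in calls) if n],
    }


def modifier_keys_mapped(calls):
    """Names of the virtual keys a block resolves with MapVirtualKeyW, in call order."""
    return [VK_NAMES.get(hex_arg(c["args"][0]), "unknown")
            for c in calls if c["name"] == "MapVirtualKeyW" and c["args"]]


if __name__ == "__main__":
    for i, calls in enumerate(parse_blocks(SAMPLE), 1):
        print(f"block {i}: {summarize_block(calls)}")
```

Run against the whole report text rather than the sample to get a per-function inventory of imports and decoded constants; the "?" placeholders the report emits for unresolved arguments are skipped rather than parsed, so blocks such as KillTimer(?,00000001,?,?) do not produce spurious notes.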
APIs
• TranslateMessage.USER32(?), ref: 007ADB7B
• DispatchMessageW.USER32(?), ref: 007ADB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007ADB9F
• Sleep.KERNEL32(0000000A), ref: 007ADBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 007F1CC9
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 430e9cff4faef5107160ed63f9b50ae585f10fac52dd95b8a753982e7b3cb106
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ec4982b369aac0e987dcfdf2e1db43f219669462b40528cbc7cedf53e19f715f
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 430e9cff4faef5107160ed63f9b50ae585f10fac52dd95b8a753982e7b3cb106
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63F05E70604344DBEB30CBA4CC49FEA73A8FB85310F504A28E65AD34C0DB389488CB26
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 007B17F6
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                          • String ID: CALL
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 83a79fba210e3af2180dae7aee10698814a05f41ae7831e12ae0ccf357a5741d
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ef3317868e33eb2f8884dd5d99bc19a6d5517725e85780243b79a75b1eed6e12
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83a79fba210e3af2180dae7aee10698814a05f41ae7831e12ae0ccf357a5741d
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9722BB70608241DFC714DF14C8A4BAABBF1BF85314FA4892DF5968B362D739E851CB92
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 910477122e8eca810a349095bd5bcdaeed29f0d191a1ded1db6afeeb18615225
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: de9233162730eb0e6cf3930ab2eed234cd1b9934b83bff33ad4886da2be60472
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 910477122e8eca810a349095bd5bcdaeed29f0d191a1ded1db6afeeb18615225
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A632AD70A00609DFCB24DF54C899BFEB7B1BF05310F148569EA15AB2A1D739ED84CB91
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetOpenFileNameW.COMDLG32(?), ref: 007E2C8C
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007A3A97,?,?,007A2E7F,?,?,?,00000000), ref: 007A3AC2
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 007A2DC4
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: X
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 05a28622dd3b005bdf591e12860d826c072e29c1359ac6c907243d8a4536f8b7
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0a9f4ba2fd56d5868d685c854b33c9e35a29400bbba7a131ecf9a33460ee182d
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05a28622dd3b005bdf591e12860d826c072e29c1359ac6c907243d8a4536f8b7
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA219671A002989BDB05DF98C849BDE7BFCAF89304F104059E505E7241DBBC5A898FA1
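The per-function blocks above (API call sites with `ref:` addresses, the memory-dump source with its base `Offset:`, and the Similarity identifiers) are the part of the report you correlate across samples and carry into a disassembler. The following Python is an added example and is not part of the Joe Sandbox report or its tooling: it parses blocks in this layout from pasted report text, rebases each `ref:` address to an image-relative offset using the dump's `Offset:`, strips the web view's `Download File` residue from the Associated entries, and looks up functions by the APIs they call directly. The patterns and the block boundary (a block ends at its Instruction Fuzzy Hash line) are assumptions derived from the lines on this page, and the sample text is constructed from two of those blocks with some fields trimmed.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Patterns for the bullet items in this report layout. Derived from the lines on this page
# (an assumption: the exporter may emit variants these do not cover).
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$")
SRC_RE = re.compile(r"^Source File: (?P<file>\S+), Offset: (?P<off>[0-9A-Fa-f]+), based on PE: \w+$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
BULLET = "\u2022"


@dataclass
class ApiCall:
    name: str
    module: str
    args: Tuple[str, ...]
    ref: int                   # virtual address of the call site inside the dumped module
    subcall_of: Optional[int]  # callee address when listed as "Part of subcall function"


@dataclass
class FunctionBlock:
    apis: List[ApiCall] = field(default_factory=list)
    source_file: str = ""
    base: int = 0              # the dump's "Offset:", i.e. the module base at analysis time
    associated: List[str] = field(default_factory=list)
    similarity: Dict[str, str] = field(default_factory=dict)

    def rva(self, va: int) -> int:
        # Rebase a dump address to an image-relative offset so it survives a different load base.
        return va - self.base

    def api_tokens(self) -> List[str]:
        # The report's API ID is '$'-separated, e.g. Name$Path$FileFullLongOpen.
        return [t for t in self.similarity.get("API ID", "").split("$") if t]


def parse_blocks(text: str) -> List[FunctionBlock]:
    # One block per function; a block ends at its "Instruction Fuzzy Hash" line.
    blocks: List[FunctionBlock] = []
    cur, section = FunctionBlock(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
            continue
        if not line.startswith(BULLET):
            continue
        item = line[len(BULLET):].strip()
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                args = tuple(m["args"].split(",")) if m["args"] is not None else ()
                cur.apis.append(ApiCall(m["name"], m["mod"], args, int(m["ref"], 16),
                                        int(m["sub"], 16) if m["sub"] else None))
        elif section == "Memory Dump Source":
            m = SRC_RE.match(item)
            if m:
                cur.source_file, cur.base = m["file"], int(m["off"], 16)
            elif item.startswith("Associated:"):
                # The web view glues a "Download File" link onto each associated dump name.
                cur.associated.append(item[len("Associated:"):].strip().removesuffix("Download File"))
        elif section == "Similarity":
            key, _, value = item.partition(":")
            cur.similarity[key.strip()] = value.strip()
            if key.strip() == "Instruction Fuzzy Hash":
                blocks.append(cur)
                cur, section = FunctionBlock(), None
    return blocks


def find_by_apis(blocks: List[FunctionBlock], required) -> List[FunctionBlock]:
    # Blocks whose directly called APIs (subcalls excluded) cover every name in `required`.
    req = set(required)
    return [b for b in blocks if req <= {a.name for a in b.apis if a.subcall_of is None}]


# Constructed sample: two blocks copied from this page, with some Similarity/Associated lines trimmed.
SAMPLE = """\
APIs
• __Init_thread_footer.LIBCMT ref: 007B17F6
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• Opcode ID: 83a79fba210e3af2180dae7aee10698814a05f41ae7831e12ae0ccf357a5741d
• Instruction Fuzzy Hash: 9722BB70608241DFC714DF14C8A4BAABBF1BF85314FA4892DF5968B362D739E851CB92
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 007E2C8C
  • Part of subcall function 007A3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007A3A97,?,?,007A2E7F,?,?,?,00000000), ref: 007A3AC2
  • Part of subcall function 007A2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 007A2DC4
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• Opcode ID: 05a28622dd3b005bdf591e12860d826c072e29c1359ac6c907243d8a4536f8b7
• Instruction Fuzzy Hash: CA219671A002989BDB05DF98C849BDE7BFCAF89304F104059E505E7241DBBC5A898FA1
"""
```

The `ref:` values are virtual addresses in the dumped process (base 007A0000 here), so the rebased offset from `rva()` is what to carry into a static view of the file loaded at another base. The `Opcode ID` and `Opcode Fuzzy Hash` values kept in `similarity` are the fields the report exposes for recognising the same function in reports of related samples; keying `parse_blocks()` output by them is the natural next step once more than one report is loaded.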
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetComputerNameW.KERNEL32(?,?), ref: 007FD375
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ComputerName
                                                                                                                                                                                                                                                                                                                                                                          • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3545744682-893830106
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f2915684c6a32630a350e0af93f4b220039a9e977d4d22cb6271355f03ceaafc
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5bdb4fc33be65b6885aafc26582d114002ee0faca1c6fa4bc62ab79faf6f5a05
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2915684c6a32630a350e0af93f4b220039a9e977d4d22cb6271355f03ceaafc
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FD0C9B580512CEACBA0DB80DC88DE9B37DBB04311F504551F102A2200D77899489B51
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000000,?), ref: 007A3908
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f7e272bfc199c100de36842a0f7dcaa3616cdf0d39b5c9ccf02435033022cdf5
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 35fe5a5652bc0082eb1764403731aaf76fa6927a4ee95de80773b68a3beb9191
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7e272bfc199c100de36842a0f7dcaa3616cdf0d39b5c9ccf02435033022cdf5
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA31A770504301DFD720DF24D889797BBE4FB8A708F000A2EF59997750D779AA44CB52
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • timeGetTime.WINMM ref: 007BF661
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007AD730: GetInputState.USER32 ref: 007AD807
                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 007FF2DE
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e0a9112e26f50f84146039af3dc0b7190c8b0a70776a1ae238bac7e875082f4f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ec3df24d48d8a3097707a09ebd76a462e699eed58209f67cd87a7d0a3b627afb
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0a9112e26f50f84146039af3dc0b7190c8b0a70776a1ae238bac7e875082f4f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26F08C312402059FD314EF69D859B6AB7E9FF8A760F00412AE85AD7362DB70A800CB91
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 007ABB4E
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
• Opcode ID: 24291e6da69cb6df60b42d622f5ade76f9c32d7960cd98763e2e1aad25f5b723
• Instruction ID: 921d5fafe8fb53a2f4a4733bd67498834f2c2529358fa6b018c6ca373fd3889b
• Opcode Fuzzy Hash: 24291e6da69cb6df60b42d622f5ade76f9c32d7960cd98763e2e1aad25f5b723
• Instruction Fuzzy Hash: 75327D75A00209DFDB24CF54C898ABAB7B5FF86310F148159EA05AB362D77CED81CB91
APIs
  • Part of subcall function 007A4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007A4EDD,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4E9C
  • Part of subcall function 007A4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007A4EAE
  • Part of subcall function 007A4E90: FreeLibrary.KERNEL32(00000000,?,?,007A4EDD,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4EFD
  • Part of subcall function 007A4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007E3CDE,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4E62
  • Part of subcall function 007A4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007A4E74
  • Part of subcall function 007A4E59: FreeLibrary.KERNEL32(00000000,?,?,007E3CDE,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4E87
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: 111c4789664c5231cfde1b656afae2340670f1aaba5923e2a4039722bc6df0e8
• Instruction ID: 3717411273595761561bb06ddc589faca53ca6181619efc8832a5aa56abd7ed5
• Opcode Fuzzy Hash: 111c4789664c5231cfde1b656afae2340670f1aaba5923e2a4039722bc6df0e8
• Instruction Fuzzy Hash: 98112332600205EECB14BB60DC0AFAD77A5AFC5B10F20852DF452B71D1EEBAAE049750
APIs
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: bf2005599694ae65408fa69c20e07a3be2a78928855f8ec0463af4adac42b1f7
• Instruction ID: 140a10d607ce4a9fffbc7e1e4f484200b6ff96536d8ca219474f200176e783e1
• Opcode Fuzzy Hash: bf2005599694ae65408fa69c20e07a3be2a78928855f8ec0463af4adac42b1f7
• Instruction Fuzzy Hash: 1111187590410AEFCB05DF58E945A9A7BF5FF48314F14405AF808AB312DB31EA11CBA5
APIs
  • Part of subcall function 007D4C7D: RtlAllocateHeap.NTDLL(00000008,007A1129,00000000,?,007D2E29,00000001,00000364,?,?,?,007CF2DE,007D3863,00871444,?,007BFDF5,?), ref: 007D4CBE
• _free.LIBCMT ref: 007D506C
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
• Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction ID: d39d31269e25386d6e57f3dc02a368d1cdda34b5198f11028eedeaa4e9139b67
• Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction Fuzzy Hash: 11014972204704ABE3318F65D885A5AFBFCFB89370F25061EE184973C0EA34A806C7B4
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• RtlAllocateHeap.NTDLL(00000008,007A1129,00000000,?,007D2E29,00000001,00000364,?,?,?,007CF2DE,007D3863,00871444,?,007BFDF5,?), ref: 007D4CBE
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00871444,?,007BFDF5,?,?,007AA976,00000010,00871440,007A13FC,?,007A13C6,?,007A1129), ref: 007D3852
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• FreeLibrary.KERNEL32(?,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4F6D
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• IsWindow.USER32(00000000), ref: 00832A66
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Window
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 05d1cb6e459373f3f7171700303982f9c72aa5a30e278bc679198421c1d63ce2
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 3774ed20549fb45b798661a5d009a6407b5403b9598b486e01a583955541013b
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05d1cb6e459373f3f7171700303982f9c72aa5a30e278bc679198421c1d63ce2
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCE0867635012AABC754EB34EC909FE775CFF90795F10453AFD16D2180EB30999586E0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 007A314E
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: caa7fd17ca68cc5f207722296aeb9ab33fcb0b42611be01ced6b8a3e849d154d
• Instruction ID: 33bb9b07864a03993d016e30ad97cf41d460dffb04e424bb5d793ed7a86d5a70
• Opcode Fuzzy Hash: caa7fd17ca68cc5f207722296aeb9ab33fcb0b42611be01ced6b8a3e849d154d
• Instruction Fuzzy Hash: 59F037709143589FEB529F28DC4E7D57BBCB701708F0001E9A54C96696DB7897C8CF51
APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 007A2DC4
  • Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: 484ad47219987d2c7dfcdd430e4d33a5a9ecab295fb31d00331ec7e7649508a6
• Instruction ID: 955790c739092961b880e7d07d06e4922eb571d02d8206ad674262583ee35fb0
• Opcode Fuzzy Hash: 484ad47219987d2c7dfcdd430e4d33a5a9ecab295fb31d00331ec7e7649508a6
• Instruction Fuzzy Hash: 7FE0CD726011245BC71192589C0AFDA77DDDFC8790F040171FD09E7248DA74AD808690
APIs
  • Part of subcall function 007A3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 007A3908
  • Part of subcall function 007AD730: GetInputState.USER32 ref: 007AD807
• SetCurrentDirectoryW.KERNEL32(?), ref: 007A2B6B
  • Part of subcall function 007A30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 007A314E
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
• Opcode ID: c800af2226e150b7fcb4ba9744bbecdf9f4cac89013a4a38f908bc9e7c258475
• Instruction ID: 855a4d014fe0939056888e3c40e4d9b52526d5bf87c9b3dee27ede58083b8fc2
• Opcode Fuzzy Hash: c800af2226e150b7fcb4ba9744bbecdf9f4cac89013a4a38f908bc9e7c258475
• Instruction Fuzzy Hash: 98E0862230424487CA08BF78A85E57DB75AEBD3351F40573EF14B93163DE2D89594362
APIs
• SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 0080DF40
  • Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FolderPath_wcslen
• String ID:
• API String ID: 2987691875-0
• Opcode ID: 5544bfa6965412b3755e37d53c4b13760fc3f42bc7c68fe6f787523764e04c03
• Instruction ID: 8fc99fddb82c7f4fc2610b5a9bbb408708939b443b9c5755f80e1164284a5617
• Opcode Fuzzy Hash: 5544bfa6965412b3755e37d53c4b13760fc3f42bc7c68fe6f787523764e04c03
• Instruction Fuzzy Hash: 24D05EE2A002287BDF60A6749D0DDF73AACD780210F0006A0786ED3152E924DD4486B0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,007E0704,?,?,00000000,?,007E0704,00000000,0000000C), ref: 007E03B7
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: b0d8b647b69b778a22b5a9ceb5cceb92fa161325dd08ee0c0784d7d26b65c534
• Instruction ID: bb532c3f0eeb3f48524a1f6d1b72d81308f723c0f8794401e95171e9a6b90568
• Opcode Fuzzy Hash: b0d8b647b69b778a22b5a9ceb5cceb92fa161325dd08ee0c0784d7d26b65c534
• Instruction Fuzzy Hash: EFD06C3204010DBBDF028F84DD06EDA3BAAFB88714F014000BE1866020C772E821AB90
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 007A1CBC
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: 5defe25ee0c117462d6a5a5d61ee56071fb8ec27daedd619ad054b639f4acbd6
• Instruction ID: f7071d7a6e94811c2290ec34eed3107fbfbd8e60985dd17a8c7174483c269457
• Opcode Fuzzy Hash: 5defe25ee0c117462d6a5a5d61ee56071fb8ec27daedd619ad054b639f4acbd6
• Instruction Fuzzy Hash: 1AC09236280304EFF6148B94BC4EF107764B398B00F048401F64DA9AE7C3A2A8A0EB60
APIs
  • Part of subcall function 007B9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007B9BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0083961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0083965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0083969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008396C9
• SendMessageW.USER32 ref: 008396F2
• GetKeyState.USER32(00000011), ref: 0083978B
• GetKeyState.USER32(00000009), ref: 00839798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008397AE
• GetKeyState.USER32(00000010), ref: 008397B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008397E9
• SendMessageW.USER32 ref: 00839810
• SendMessageW.USER32(?,00001030,?,00837E95), ref: 00839918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0083992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00839941
• SetCapture.USER32(?), ref: 0083994A
• ClientToScreen.USER32(?,?), ref: 008399AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 008399BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008399D6
• ReleaseCapture.USER32 ref: 008399E1
• GetCursorPos.USER32(?), ref: 00839A19
• ScreenToClient.USER32(?,?), ref: 00839A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00839A80
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00839AAE
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00839AEB
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00839B1A
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00839B3B
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00839B4A
                                                                                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00839B68
                                                                                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00839B75
                                                                                                                                                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00839B93
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00839BFA
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00839C2B
                                                                                                                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00839C84
                                                                                                                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00839CB4
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00839CDE
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00839D01
                                                                                                                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00839D4E
                                                                                                                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00839D82
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007B9944: GetWindowLongW.USER32(?,000000EB), ref: 007B9952
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00839E05
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                          • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: de1a0e14bf5fbc7bc506a3b897380f6ed100d7d068172c6b4097d2c6707fb430
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 89de8c61a4912d58c009def8682b7c6bf229ba6d8a7a2687bd971c8fa6bca5a2
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de1a0e14bf5fbc7bc506a3b897380f6ed100d7d068172c6b4097d2c6707fb430
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23429031205201AFDB24CF68CC49BAABBE5FF99314F100A1DF699D72A1E7B1D851CB91
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 008348F3
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00834908
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00834927
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0083494B
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0083495C
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0083497B
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 008349AE
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 008349D4
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00834A0F
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00834A56
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00834A7E
                                                                                                                                                                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00834A97
                                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00834AF2
                                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00834B20
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00834B94
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00834BE3
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00834C82
                                                                                                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00834CAE
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00834CC9
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 00834CF1
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00834D13
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00834D33
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 00834D5A
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 007BF998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007FF474
• IsIconic.USER32(00000000), ref: 007FF47D
• ShowWindow.USER32(00000000,00000009), ref: 007FF48A
• SetForegroundWindow.USER32(00000000), ref: 007FF494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 007FF4AA
• GetCurrentThreadId.KERNEL32 ref: 007FF4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 007FF4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 007FF4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 007FF4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 007FF4DE
• SetForegroundWindow.USER32(00000000), ref: 007FF4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 007FF4F6
• keybd_event.USER32(00000012,00000000), ref: 007FF501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 007FF50B
• keybd_event.USER32(00000012,00000000), ref: 007FF510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 007FF519
• keybd_event.USER32(00000012,00000000), ref: 007FF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 007FF528
• keybd_event.USER32(00000012,00000000), ref: 007FF52D
• SetForegroundWindow.USER32(00000000), ref: 007FF530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 007FF557
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
APIs
  • Part of subcall function 008016C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0080170D
  • Part of subcall function 008016C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0080173A
  • Part of subcall function 008016C3: GetLastError.KERNEL32 ref: 0080174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00801286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008012A8
• CloseHandle.KERNEL32(?), ref: 008012B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008012D1
• GetProcessWindowStation.USER32 ref: 008012EA
• SetProcessWindowStation.USER32(00000000), ref: 008012F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00801310
  • Part of subcall function 008010BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008011FC), ref: 008010D4
  • Part of subcall function 008010BF: CloseHandle.KERNEL32(?,?,008011FC), ref: 008010E9
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ebbbbdee08a733ca2579b0f4dbb7bf2d246ed28331ed4776db0134b222d29a67
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 00c1c40c7be03e1d41073ae1eb64704e79d1d1094a71357b18e9c8389bf2e290
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebbbbdee08a733ca2579b0f4dbb7bf2d246ed28331ed4776db0134b222d29a67
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59818A72900209ABDF219FA8DC89FEE7BBAFF44714F144129F910F62A0D7758954CB25
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008010F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00801114
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008010F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00800B9B,?,?,?), ref: 00801120
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008010F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00800B9B,?,?,?), ref: 0080112F
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008010F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00800B9B,?,?,?), ref: 00801136
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008010F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0080114D
                                                                                                                                                                                                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00800BCC
                                                                                                                                                                                                                                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00800C00
                                                                                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00800C17
                                                                                                                                                                                                                                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00800C51
                                                                                                                                                                                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00800C6D
                                                                                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00800C84
                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00800C8C
                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00800C93
                                                                                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00800CB4
                                                                                                                                                                                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000), ref: 00800CBB
                                                                                                                                                                                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00800CEA
                                                                                                                                                                                                                                                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00800D0C
                                                                                                                                                                                                                                                                                                                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00800D1E
                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00800D45
                                                                                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00800D4C
                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00800D55
                                                                                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00800D5C
                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00800D65
                                                                                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00800D6C
                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00800D78
                                                                                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00800D7F
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00801193: GetProcessHeap.KERNEL32(00000008,00800BB1,?,00000000,?,00800BB1,?), ref: 008011A1
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00801193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00800BB1,?), ref: 008011A8
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00801193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00800BB1,?), ref: 008011B7
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c34e4953ef100daac5e6da8d1042d64bc18f6eb0177f996dc2b68eda7d3f4f1d
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fd25206ff49c397f53c6d3867ca943d1f8982ef9869d083f92b61cf1fff1c3e5
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c34e4953ef100daac5e6da8d1042d64bc18f6eb0177f996dc2b68eda7d3f4f1d
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4971587290020AABEF50DFA4DC49BAEBBB8FF44310F144615E914F6291D775AA05CFB0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • OpenClipboard.USER32(0083CC08), ref: 0081EB29
                                                                                                                                                                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000D), ref: 0081EB37
                                                                                                                                                                                                                                                                                                                                                                          • GetClipboardData.USER32(0000000D), ref: 0081EB43
                                                                                                                                                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0081EB4F
                                                                                                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0081EB87
                                                                                                                                                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0081EB91
                                                                                                                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0081EBBC
                                                                                                                                                                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(00000001), ref: 0081EBC9
                                                                                                                                                                                                                                                                                                                                                                          • GetClipboardData.USER32(00000001), ref: 0081EBD1
                                                                                                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0081EBE2
                                                                                                                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0081EC22
                                                                                                                                                                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000F), ref: 0081EC38
                                                                                                                                                                                                                                                                                                                                                                          • GetClipboardData.USER32(0000000F), ref: 0081EC44
                                                                                                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0081EC55
                                                                                                                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0081EC77
                                                                                                                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0081EC94
                                                                                                                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0081ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 0081ECF3
• CountClipboardFormats.USER32 ref: 0081ED14
• CloseClipboard.USER32 ref: 0081ED59
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 008169BE
• FindClose.KERNEL32(00000000), ref: 00816A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00816A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00816A75
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00816AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00816ADF
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00819663
• GetFileAttributesW.KERNEL32(?), ref: 008196A1
• SetFileAttributesW.KERNEL32(?,?), ref: 008196BB
• FindNextFileW.KERNEL32(00000000,?), ref: 008196D3
• FindClose.KERNEL32(00000000), ref: 008196DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 008196FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 0081974A
• SetCurrentDirectoryW.KERNEL32(00866B7C), ref: 00819768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00819772
• FindClose.KERNEL32(00000000), ref: 0081977F
• FindClose.KERNEL32(00000000), ref: 0081978F
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 008197BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00819819
• FindClose.KERNEL32(00000000), ref: 00819824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00819840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00819890
• SetCurrentDirectoryW.KERNEL32(00866B7C), ref: 008198AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 008198B8
• FindClose.KERNEL32(00000000), ref: 008198C5
                                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 008198D5
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0080DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0080DB00
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9188a9d528342f2e48c50e02849b80eedbaa4289d154e0dee1b2bd6be82e32c3
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1639fd1ef86b75eb60eeabd17149752b3452614131428d085a37d3d546e7b85c
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9188a9d528342f2e48c50e02849b80eedbaa4289d154e0dee1b2bd6be82e32c3
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4231AF32500619AEDB10AFB4EC58ADE77ACFF46320F144569E994E21A0EB35DAC5CB60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0082B6AE,?,?), ref: 0082C9B5
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082C9F1
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082CA68
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082CA9E
                                                                                                                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0082BF3E
                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0082BFA9
                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0082BFCD
                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0082C02C
                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0082C0E7
                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0082C154
                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0082C1E9
                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0082C23A
                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0082C2E3
                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0082C382
                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0082C38F
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 295863367bf13df7a07261cf45d31d958c4a9a1b7c43cdad419302edbfdea29d
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ffa08bbb832c480f738c63c1f97f33100af597837fcc10fd25181b7b43d3c19d
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 295863367bf13df7a07261cf45d31d958c4a9a1b7c43cdad419302edbfdea29d
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F023B71604210EFC714DF24D895A2ABBE5FF89318F18899DF84ADB2A2DB31EC45CB51
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007A3A97,?,?,007A2E7F,?,?,?,00000000), ref: 007A3AC2
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0080E199: GetFileAttributesW.KERNEL32(?,0080CF95), ref: 0080E19A
                                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0080D122
                                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0080D1DD
                                                                                                                                                                                                                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 0080D1F0
                                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0080D20D
                                                                                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0080D237
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0080D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0080D21C,?,?), ref: 0080D2B2
                                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,?,?), ref: 0080D253
                                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0080D264
                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
APIs
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
APIs
  • Part of subcall function 008016C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0080170D
  • Part of subcall function 008016C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0080173A
  • Part of subcall function 008016C3: GetLastError.KERNEL32 ref: 0080174A
• ExitWindowsEx.USER32(?,00000000), ref: 0080E932
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00821276
• WSAGetLastError.WSOCK32 ref: 00821283
• bind.WSOCK32(00000000,?,00000010), ref: 008212BA
• WSAGetLastError.WSOCK32 ref: 008212C5
• closesocket.WSOCK32(00000000), ref: 008212F4
• listen.WSOCK32(00000000,00000005), ref: 00821303
• WSAGetLastError.WSOCK32 ref: 0082130D
• closesocket.WSOCK32(00000000), ref: 0082133C
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1f54b4db1b5aecde457be40dd110f130144c09e9109207d67e954e978e3b9131
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a42988a58e91f0a70aa71b0dc21d18c0732a30b892b0094390d7cccd15607229
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f54b4db1b5aecde457be40dd110f130144c09e9109207d67e954e978e3b9131
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8416331600110DFDB10DF64D488B29B7E6FF96318F288598E8569F296C775ED81CBE1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DB9D4
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DB9F8
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DBB7F
                                                                                                                                                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00843700), ref: 007DBB91
                                                                                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,0087121C,000000FF,00000000,0000003F,00000000,?,?), ref: 007DBC09
                                                                                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00871270,000000FF,?,0000003F,00000000,?), ref: 007DBC36
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DBD4B
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 231ad6250685e285c74d80f3cf4b1cad0c9c3b1979444e87a840cbf9de61e115
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 88c8b652fdae0a992faf16cb320d9b19c8ebd33386ab6a618206fdaea8a7509f
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 231ad6250685e285c74d80f3cf4b1cad0c9c3b1979444e87a840cbf9de61e115
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7C12771A00244EFCB20DF688C59BAA7BB9FF81310F16419BE494D7356EB389E419B60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007A3A97,?,?,007A2E7F,?,?,?,00000000), ref: 007A3AC2
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0080E199: GetFileAttributesW.KERNEL32(?,0080CF95), ref: 0080E19A
                                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0080D420
                                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0080D470
                                                                                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0080D481
                                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0080D498
                                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0080D4A1
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1b9e51acaa26f590384a4c902f60376d0abad61430317c212f962c8c0db6e7b4
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d4bd1188a5fecd72d3708ec3d48165c582ec58b20f856d88da053a2cb30455c2
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b9e51acaa26f590384a4c902f60376d0abad61430317c212f962c8c0db6e7b4
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29314B71008355ABC305EFA4D8968AFB7A8FED2314F444E1DF4D593191EB28AA09CB67
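The "API ID" and "String ID" under each function's Similarity block are the keys the report uses to match a function against functions seen in other samples. The Python below is an added example, not Joe Sandbox code and not taken from the report: it rebuilds those two keys from the "APIs" lines printed above for the GetTimeZoneInformation function and for the FindFirstFileW/DeleteFileW function, and it checks an ordered API chain of the kind the "Found API chain" signatures describe. The rule it applies (split CamelCase names into words, drop "Get" and words of two characters or fewer such as the A/W suffix and "To", count how many listed call sites use each word, list the most frequent group first, alphabetical within a group, groups joined by "$"; String ID is the referenced strings sorted and joined by "$") is inferred from the keys visible on this page and is an assumption beyond those cases. The numeric "API String ID" hash is not reproduced. All function names (`api_names`, `tokens`, `api_id`, `string_id`, `has_chain`) are this example's own.

```python
import re
from collections import Counter

# "APIs" lines copied from the report's function dump. One entry per listed
# call site, so a function called from three places contributes three entries.
TZ_API_LINES = [
    "_free.LIBCMT ref: 007DB9D4",
    "_free.LIBCMT ref: 007DB9F8",
    "_free.LIBCMT ref: 007DBB7F",
    "GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00843700), ref: 007DBB91",
    "WideCharToMultiByte.KERNEL32(00000000,00000000,0087121C,000000FF,00000000,0000003F,00000000,?,?), ref: 007DBC09",
    "WideCharToMultiByte.KERNEL32(00000000,00000000,00871270,000000FF,?,0000003F,00000000,?), ref: 007DBC36",
    "_free.LIBCMT ref: 007DBD4B",
]

# The FindFirstFileW/DeleteFileW function, including its "Part of subcall" entries,
# which the report counts towards the key as well.
DELETE_API_LINES = [
    "Part of subcall function 007A3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007A3A97,?,?,007A2E7F,?,?,?,00000000), ref: 007A3AC2",
    "Part of subcall function 0080E199: GetFileAttributesW.KERNEL32(?,0080CF95), ref: 0080E19A",
    "FindFirstFileW.KERNEL32(?,?), ref: 0080D420",
    "DeleteFileW.KERNEL32(?,?,?,?), ref: 0080D470",
    "FindNextFileW.KERNEL32(00000000,00000010), ref: 0080D481",
    "FindClose.KERNEL32(00000000), ref: 0080D498",
    "FindClose.KERNEL32(00000000), ref: 0080D4A1",
]

# Every call is printed as name.MODULE(...), so the first "name.MODULE" pair is the callee.
_CALL_RE = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\.([A-Z0-9]+)")

# Assumption: words dropped when forming the key. "Get" and the short A/W/To
# fragments never appear in any key on the page; the rule is inferred, not documented.
_DROPPED_WORDS = {"Get"}
_MIN_WORD_LEN = 3


def api_names(lines):
    """Return the callee name from each 'APIs' line, in listing order."""
    names = []
    for line in lines:
        m = _CALL_RE.search(line)
        if m:
            names.append(m.group(1))
    return names


def tokens(name):
    """Split a CamelCase API name into words; lowercase CRT names ('_free') stay whole."""
    parts = re.findall(r"^[a-z0-9_]+|[A-Z][^A-Z]*", name)
    return [p for p in parts if len(p) >= _MIN_WORD_LEN and p not in _DROPPED_WORDS]


def api_id(names):
    """Rebuild the 'API ID' key: words grouped by call-site count, most frequent
    group first, alphabetical inside a group, '$' between groups."""
    counts = Counter(t for n in names for t in tokens(n))
    by_count = {}
    for tok, c in counts.items():
        by_count.setdefault(c, []).append(tok)
    return "$".join("".join(sorted(by_count[c])) for c in sorted(by_count, reverse=True))


def string_id(strings):
    """Rebuild the 'String ID' key: referenced strings sorted and joined by '$'."""
    return "$".join(sorted(strings))


def has_chain(names, chain):
    """True if every API in `chain` occurs in `names` in that order (gaps allowed):
    the shape of an 'API chain' check such as FindFirstFileW -> DeleteFileW -> FindNextFileW."""
    it = iter(names)
    return all(any(n == want for n in it) for want in chain)


if __name__ == "__main__":
    print(api_id(api_names(TZ_API_LINES)))      # _free$ByteCharMultiWide$InformationTimeZone
    print(api_id(api_names(DELETE_API_LINES)))  # FileFind$Close$AttributesDeleteFirstFullNameNextPath
    print(string_id(["1#QNAN", "1#IND", "1#SNAN", "1#INF"]))  # 1#IND$1#INF$1#QNAN$1#SNAN
    print(has_chain(api_names(DELETE_API_LINES),
                    ("FindFirstFileW", "DeleteFileW", "FindNextFileW", "FindClose")))  # True
```

The rebuilt keys match the report for both functions whose call lists are visible here, so the same routine can be run over "APIs" lists from other reports to find functions that share a key with the ones above, without needing the sample itself. The has_chain check deliberately allows gaps, because the report lists call sites, not execution order inside the loop; a stricter adjacency test would miss the FindClose that sits on the error path.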
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: 3543fa69328b434ffc42c3fc07c21168e7422a93315fc3c8d1e2836a22387bec
• Instruction ID: c0a5b1bdcff24416e14f99412ec01c9edc5b86f7ff1b30f639f98c589158fb2a
• Opcode Fuzzy Hash: 3543fa69328b434ffc42c3fc07c21168e7422a93315fc3c8d1e2836a22387bec
• Instruction Fuzzy Hash: AFC22971E046288FDB25DF289D447EAB7B5EB49314F1441EBD84EE7241E778AE818F40
APIs
• _wcslen.LIBCMT ref: 008164DC
• CoInitialize.OLE32(00000000), ref: 00816639
• CoCreateInstance.OLE32(0083FCF8,00000000,00000001,0083FB68,?), ref: 00816650
• CoUninitialize.OLE32 ref: 008168D4
Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 18db3dc29fe9a90adf4c8589e2948ff878909efd2ca2d9b934c581e87b51a798
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 079efa81f033a8b61343c8dba454ca18d363f6b875a06696996ae9c91a87d92e
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18db3dc29fe9a90adf4c8589e2948ff878909efd2ca2d9b934c581e87b51a798
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DCD13871508201AFC304EF24C885AABB7E9FFD5704F04496DF595CB291EB74E945CBA2
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32(?,?,00000000), ref: 008222E8
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0081E4EC: GetWindowRect.USER32(?,?), ref: 0081E504
                                                                                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00822312
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00822319
                                                                                                                                                                                                                                                                                                                                                                          • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00822355
                                                                                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00822381
                                                                                                                                                                                                                                                                                                                                                                          • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008223DF
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5ae92a61393e38b929220a219b4f9d2cd5e8cdc4cc88c2d542ce0a5874934fda
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ee3cff0944cb7acd13e123c8bb0bef0bbb475cb2c66a632a6b5dcbc3c351b0e3
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ae92a61393e38b929220a219b4f9d2cd5e8cdc4cc88c2d542ce0a5874934fda
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B131BE72504315AFD720DF58D849B9BBBA9FFC8314F000A19F985E7291DB34EA49CB92
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
                                                                                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00819B78
                                                                                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00819C8B
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00813874: GetInputState.USER32 ref: 008138CB
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00813874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00813966
                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00819BA8
                                                                                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00819C75
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c838afbd12b6ffd4515c902ef140e33fd3af15bd32552285aebfb52fc2fff2a5
• Instruction ID: 9a2acfe09662553a304512b02720566dd84433b535707d79361963557a3a893f
• Opcode Fuzzy Hash: c838afbd12b6ffd4515c902ef140e33fd3af15bd32552285aebfb52fc2fff2a5
• Instruction Fuzzy Hash: AD418F7190420AEFCF14DF64C899AEEBBB8FF45310F204155E845E2291EB349E94CFA0
APIs
  • Part of subcall function 007B9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007B9BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 007B9A4E
• GetSysColor.USER32(0000000F), ref: 007B9B23
• SetBkColor.GDI32(?,00000000), ref: 007B9B36
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: ef87dc80db49975f700b275f5ee6182bcc9398bbe45a1d6b8bee0998fa6a55fc
• Instruction ID: 5bd1ef7074c641619b04e7998f0d75cb7487e7e7635477a53955e2e7adfc1c02
• Opcode Fuzzy Hash: ef87dc80db49975f700b275f5ee6182bcc9398bbe45a1d6b8bee0998fa6a55fc
• Instruction Fuzzy Hash: 8AA1E970118448BEE729AA3C8C9DFFB3A5DEB82340F158119F722D6B95CA2DDD41D272
APIs
  • Part of subcall function 0082304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0082307A
  • Part of subcall function 0082304E: _wcslen.LIBCMT ref: 0082309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0082185D
• WSAGetLastError.WSOCK32 ref: 00821884
• bind.WSOCK32(00000000,?,00000010), ref: 008218DB
• WSAGetLastError.WSOCK32 ref: 008218E6
• closesocket.WSOCK32(00000000), ref: 00821915
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: fa83f96ffe51f9da0332743e2c950b05dc4afa3d89ef6756513c45b198e94cd2
• Instruction ID: 238c886eb3ce6a5db8115e0ba99a85bc045add32e0704c25b6c51d9c007eb626
• Opcode Fuzzy Hash: fa83f96ffe51f9da0332743e2c950b05dc4afa3d89ef6756513c45b198e94cd2
• Instruction Fuzzy Hash: 4351B371A00210AFDB10AF24D88AF6A77E5EB85718F188558F905AF3C3C775AD81CBA1
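The entry above is the one the overview's "open a port and listen for incoming connection" signature rests on, and the argument values are worth reading literally: socket(00000002, 00000002, 00000011) is socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP), followed by bind() and a closesocket() on the error path, with no listen() or accept() anywhere in the function. That is a UDP receiver being set up, not a TCP listener, which matters when deciding whether the port is a backdoor or a runtime library routine that happens to be present in the image. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses report entries of this shape (API lines, Memory Dump Source lines, the Similarity "String ID" line) into structured records, resolves the Winsock constants, and re-reads 4-character "strings" as the little-endian DWORDs they really are. Two things in it are inferred rather than documented: the meaning of the .sdmp name fields (field 4 matches the printed region base and field 5 matches Windows PAGE_* values for each section, so the code treats them as base and protection), and the labels for the decoded DWORDs (0x50435245 is the PCRE library's MAGIC_NUMBER, which fits a compiled AutoIt binary since AutoIt bundles PCRE for StringRegExp; 0x55555556 is the reciprocal multiplier compilers emit for signed 32-bit division by 3). The sample input is copied from this report's entries and labelled as such in the code.

```python
"""Parse Joe Sandbox "Executed Functions" entries into data an analyst can pivot on.

Added example, not Joe Sandbox code. Input is the text of one entry as it
appears in the report: API lines, Memory Dump Source lines, and the
Similarity "String ID" line.
"""
import re
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# The three line shapes found in a function entry.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<func>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
DUMP_LINE = re.compile(r"(?P<name>(?:[0-9A-Fa-f]+\.){8}sdmp)")
STRING_LINE = re.compile(r"^\s*•\s*String ID:\s*(?P<ids>.*?)\s*$")

# Documented Winsock values for socket(af, type, protocol).
ADDRESS_FAMILIES = {2: "AF_INET", 23: "AF_INET6"}
SOCKET_TYPES = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTOCOLS = {0: "IPPROTO_IP", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
# Windows PAGE_* memory protection constants (winnt.h).
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
# DWORDs that surface as 4-byte "strings" in memory but are really constants.
KNOWN_DWORDS = {
    0x50435245: "PCRE MAGIC_NUMBER ('PCRE' in pcre_internal.h)",
    0x55555556: "x86 reciprocal multiplier for signed 32-bit division by 3",
}


@dataclass
class ApiCall:
    function: str
    module: str
    args: List[str]               # raw hex arguments; "?" means the report could not resolve it
    ref: int                      # call-site address
    caller: Optional[int] = None  # set for "Part of subcall function" lines


@dataclass
class MemoryDump:
    name: str
    base: int
    protect: str


@dataclass
class Entry:
    apis: List[ApiCall] = field(default_factory=list)
    dumps: List[MemoryDump] = field(default_factory=list)
    string_ids: List[str] = field(default_factory=list)


def parse_dump_name(name: str) -> MemoryDump:
    # Assumption about the undocumented .sdmp naming: field 4 is the region
    # base (it equals the Offset printed beside it) and field 5 is the PAGE_*
    # protection (0x20 for .text, 0x02 for headers/.rdata, 0x04 for .data).
    parts = name.split(".")
    prot = int(parts[4], 16)
    return MemoryDump(name, int(parts[3], 16), PAGE_PROTECT.get(prot, hex(prot)))


def parse_entry(text: str) -> Entry:
    entry = Entry()
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            caller = int(m["caller"], 16) if m["caller"] else None
            entry.apis.append(ApiCall(m["func"], m["module"], args, int(m["ref"], 16), caller))
            continue
        m = DUMP_LINE.search(line)
        if m:
            entry.dumps.append(parse_dump_name(m["name"]))
            continue
        m = STRING_LINE.match(line)
        if m and m["ids"]:
            entry.string_ids.extend(m["ids"].split("$"))
    return entry


def describe_socket(call: ApiCall) -> str:
    """Resolve the first three socket() arguments into Winsock names."""
    if call.function != "socket" or len(call.args) < 3 or "?" in call.args[:3]:
        raise ValueError("not a socket() call with three resolved arguments")
    af, typ, proto = (int(a, 16) for a in call.args[:3])
    return "/".join((ADDRESS_FAMILIES.get(af, hex(af)),
                     SOCKET_TYPES.get(typ, hex(typ)),
                     PROTOCOLS.get(proto, hex(proto))))


def network_role(entry: Entry) -> str:
    """Distinguish a real TCP listener from a socket that is merely bound."""
    names = {c.function for c in entry.apis}
    sock = next((c for c in entry.apis if c.function == "socket"), None)
    if sock is None:
        return "no socket creation"
    desc = describe_socket(sock)
    if names & {"listen", "accept"}:
        return "TCP listener: " + desc
    if "bind" in names:
        return "bound socket, no listen/accept: " + desc
    return "socket only: " + desc


def decode_string_id(token: str) -> Tuple[Optional[int], str]:
    """Re-read a 4-character 'string' as the little-endian DWORD it stores."""
    raw = token.encode("latin-1")
    if len(raw) != 4:
        return None, token
    value = struct.unpack("<I", raw)[0]
    return value, KNOWN_DWORDS.get(value, "unrecognised constant")


# Constructed from the UDP entry above plus the String ID of a later entry in this report.
SAMPLE_ENTRY = """\
  • Part of subcall function 0082304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0082307A
  • Part of subcall function 0082304E: _wcslen.LIBCMT ref: 0082309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0082185D
• WSAGetLastError.WSOCK32 ref: 00821884
• bind.WSOCK32(00000000,?,00000010), ref: 008218DB
• WSAGetLastError.WSOCK32 ref: 008218E6
• closesocket.WSOCK32(00000000), ref: 00821915
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
"""

if __name__ == "__main__":
    e = parse_entry(SAMPLE_ENTRY)
    print(network_role(e))
    for d in e.dumps:
        print(f"{d.base:08X} {d.protect}")
    for tok in sorted(set(e.string_ids)):
        print(tok, decode_string_id(tok))
```

Run as a script it reports the entry as a bound UDP socket with no listen/accept, the two dump regions as PAGE_EXECUTE_READ code and PAGE_READWRITE data, and the two string tokens as the PCRE magic and the division-by-3 multiplier. The distinction network_role draws is the check to make before treating a sandbox "listener" signature as evidence of a backdoor: a compiled AutoIt binary carries the whole interpreter, so UDP and GUI runtime routines are present in the image whether or not the embedded script ever calls them.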
APIs
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 0637d25f8c9a6e3ee092b30f98e46f03a247215ce7a0b369267b33678576b426
• Instruction ID: 7dfa7cc10cf0dfb456f46b5c1b576248b4d569020f840f8f3b1097dea45ee873
• Opcode Fuzzy Hash: 0637d25f8c9a6e3ee092b30f98e46f03a247215ce7a0b369267b33678576b426
• Instruction Fuzzy Hash: E621D1317402109FDB208F2AC898B6A7BA5FFD5714F189468E84ADB351CB71EC42CBD0
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
• Opcode ID: b48d5f7938f555b3732176af19d9a94cba079ce05407fd6126283c40ae445ef9
• Instruction ID: 96336c54ea258402a8eeaacb3dbea99f40d4c5a812ae3113935063d5f87fce3d
• Opcode Fuzzy Hash: b48d5f7938f555b3732176af19d9a94cba079ce05407fd6126283c40ae445ef9
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0A2A370E0125ACBDF64CF59C8407ADB7B1FF99314F2482AAD815AB285EB389D81CF51
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0080AAAC
• SetKeyboardState.USER32(00000080), ref: 0080AAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0080AB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0080AB88
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: a5afb5da517c58accc39f3ebea650661871a02fb7d6f0f29ef4a1b5b6668ed90
• Instruction ID: d4f748578d7b87518ea1b9c2a28ae240f35dc05fd15847ea242a8160fe92a954
• Opcode Fuzzy Hash: a5afb5da517c58accc39f3ebea650661871a02fb7d6f0f29ef4a1b5b6668ed90
• Instruction Fuzzy Hash: F631E531A40358AEFB798A68CC26BFA7BA6FB44320F44421AE585E61D1D3758981C762
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 0081CE89
• GetLastError.KERNEL32(?,00000000), ref: 0081CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 0081CEFE
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 18565edbd643a870dd8ce44868e5d944bff66c59360436c681876802f31bc86a
• Instruction ID: 9b7429602f97a2227d7a035bba4937d16729dc5261250dba79f0b4630ce583e6
• Opcode Fuzzy Hash: 18565edbd643a870dd8ce44868e5d944bff66c59360436c681876802f31bc86a
• Instruction Fuzzy Hash: 56218E715403059BDB209FA5C949BA7B7FCFF40358F10481EE546E2151EBB4ED858B64
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 008082AA
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
• Opcode ID: ae8c961fcd297e76a512ff446a03194dca007f2bf17856c77d7cd7699a75ca63
• Instruction ID: 3c83ccb3bd066cba308a1fbe799cab5c4cb55766e3dea3cc87af6a0ffcf5037f
• Opcode Fuzzy Hash: ae8c961fcd297e76a512ff446a03194dca007f2bf17856c77d7cd7699a75ca63
• Instruction Fuzzy Hash: F6322474A00605DFCB68CF69C481A6AB7F0FF48710B15C56EE59ADB3A1EB70E981CB44
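The per-function API listings in this report are easier to triage once they are turned into behaviour tags: the GetKeyboardState/SetKeyboardState/PostMessageW/SendInput chain above is synthesised keyboard input (the PostMessageW second argument, 0x0102, is the documented WM_CHAR constant), InternetReadFile with a 0x400-byte buffer is a download read loop, and FindFirstFileW/FindNextFileW/FindClose is directory enumeration. The following Python is an added example written for this page; it is not Joe Sandbox code and not code from the analysed sample. It parses the record format shown here (the `APIs` bullets and the `API ID` line), which are copied into a constructed inline string, and applies a small hand-written signature table that is this example's own assumption, not a Joe Sandbox signature.

```python
# Added example: turn Joe Sandbox per-function API listings into behaviour tags.
# Not Joe Sandbox code; the SIGNATURES table below is this example's assumption.
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed input: the "APIs" bullets and "API ID" lines of three function
# records copied from the report, one record per "APIs" header.
SAMPLE_RECORDS = """\
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0080AAAC
• SetKeyboardState.USER32(00000080), ref: 0080AAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0080AB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0080AB88
• API ID: KeyboardState$InputMessagePostSend
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 0081CE89
• GetLastError.KERNEL32(?,00000000), ref: 0081CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 0081CEFE
• API ID: ErrorEventFileInternetLastRead
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00815CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00815D17
• FindClose.KERNEL32(?), ref: 00815D5F
"""

API_LINE = re.compile(r"^•\s*(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]+)$")
API_ID_LINE = re.compile(r"^•\s*API ID:\s*(.*)$")

# Hand-written signatures (assumption of this example): a function gets the
# label when every API in the set appears in its listing.
SIGNATURES: dict[str, frozenset[str]] = {
    "keystroke injection (SetKeyboardState + SendInput)": frozenset({"SetKeyboardState", "SendInput"}),
    "window message injection": frozenset({"PostMessageW"}),
    "WinINet download read loop": frozenset({"InternetReadFile"}),
    "directory enumeration": frozenset({"FindFirstFileW", "FindNextFileW"}),
}

# Documented USER32 message constants, used to decode the uMsg argument.
WINDOW_MESSAGES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP", 0x0102: "WM_CHAR"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]   # raw hex words; "?" means the sandbox could not resolve it
    ref: int          # call-site address from the "ref:" field


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)
    api_id: str = ""

    @property
    def api_names(self) -> set[str]:
        return {c.name for c in self.calls}


def parse_records(text: str) -> list[FunctionRecord]:
    """Split report text into one FunctionRecord per "APIs" header."""
    records: list[FunctionRecord] = []
    current: FunctionRecord | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            name, module, argstr, ref = m.groups()
            current.calls.append(ApiCall(name, module, [a for a in argstr.split(",") if a], int(ref, 16)))
            continue
        m = API_ID_LINE.match(line)
        if m:
            current.api_id = m.group(1).strip()
    return records


def tag_behaviours(rec: FunctionRecord) -> list[str]:
    """Labels whose whole API set is present in the record, in table order."""
    return [label for label, needed in SIGNATURES.items() if needed <= rec.api_names]


def decode_posted_messages(rec: FunctionRecord) -> list[tuple[int, str]]:
    """(call site, message name) for each Post/SendMessage call with a resolved uMsg."""
    out: list[tuple[int, str]] = []
    for c in rec.calls:
        if c.name in ("PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA") and len(c.args) >= 2:
            try:
                msg = int(c.args[1], 16)
            except ValueError:   # unresolved "?" argument
                continue
            out.append((c.ref, WINDOW_MESSAGES.get(msg, f"0x{msg:04X}")))
    return out


if __name__ == "__main__":
    for rec in parse_records(SAMPLE_RECORDS):
        first = f"{rec.calls[0].ref:08X}" if rec.calls else "-"
        print(first, rec.api_id or "(no API ID)", tag_behaviours(rec), decode_posted_messages(rec))
```

Run on the full report text, the same parser yields one tag list per function, so the keystroke-injection, download and enumeration functions can be pulled out by call-site address without reading every record by hand.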
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00815CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00815D17
• FindClose.KERNEL32(?), ref: 00815D5F
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ccb9d7dce3dbf8beed0bb559cc858db51577281decfeb6bd8c9bf077ec7668e8
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 440bc10283520356faa6684c4da1d6948ad2de3f7eb9b231c64c09f896458eca
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ccb9d7dce3dbf8beed0bb559cc858db51577281decfeb6bd8c9bf077ec7668e8
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9517875604601DFC714CF28D498E96B7E8FF8A324F14856DE95ACB3A1CB34E984CB91
APIs
• IsDebuggerPresent.KERNEL32 ref: 007D271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 007D2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 007D2731
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 1a03aef022fc999722396023cd86fce8bb5bf948459c2717c8ea2cde1ff4177a
• Instruction ID: c913ccc5684109c279b93f05785c176856bf1103a8f6c4a8dbbded8065cb140f
• Opcode Fuzzy Hash: 1a03aef022fc999722396023cd86fce8bb5bf948459c2717c8ea2cde1ff4177a
• Instruction Fuzzy Hash: C831C675901218EBCB21DF64DC88B9DBBB8BF18310F5041DAE41CA7261E7349F828F85
APIs
• SetErrorMode.KERNEL32(00000001), ref: 008151DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00815238
• SetErrorMode.KERNEL32(00000000), ref: 008152A1
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: a4859bf5eaf779cf592c7e81411802b72b516dc31efc8e1c4aba0093c4eb616a
• Instruction ID: 86ad29a64ded1dbfd97a43cf3027bcabbae4ed0d90140fcc9130aa58a4a8ac06
• Opcode Fuzzy Hash: a4859bf5eaf779cf592c7e81411802b72b516dc31efc8e1c4aba0093c4eb616a
• Instruction Fuzzy Hash: 44313E75A00518DFDB00DF54D888EADBBB5FF89314F088499E805AB3A2DB35E855CB91
APIs
  • Part of subcall function 007BFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007C0668
  • Part of subcall function 007BFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007C0685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0080170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0080173A
• GetLastError.KERNEL32 ref: 0080174A
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: 6f995c5f52408ab0adebca2bdcaaf7d26da75370a487f1a27a414021cfab1030
• Instruction ID: 3451db6a4cd6f5357c18443cacc892a79792b98cad34978c601a625c94f3768d
• Opcode Fuzzy Hash: 6f995c5f52408ab0adebca2bdcaaf7d26da75370a487f1a27a414021cfab1030
• Instruction Fuzzy Hash: F11194B1514304AFDB189F54DC8AE6AB7F9FB44724B20852EE05697281EB70FC418B60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0080D608
                                                                                                                                                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0080D645
                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0080D650
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 33631002-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ea6d4db93c4b93b4ecf6d9fe3b7c3f97865a9a9fca5850b0af58511246cd4b46
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a7e09a5089b152a129d45f253c540d102b8115e5a5e8235c54c4ee777e914447
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea6d4db93c4b93b4ecf6d9fe3b7c3f97865a9a9fca5850b0af58511246cd4b46
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD117C71E01228BBDB108F949C44FAFBBBCFB45B50F108111F914E7290C2704A018BA1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0080168C
                                                                                                                                                                                                                                                                                                                                                                          • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008016A1
                                                                                                                                                                                                                                                                                                                                                                          • FreeSid.ADVAPI32(?), ref: 008016B1
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 112f624118c8c1378b986d84c923a4eec584623a6842cfac09641ad920c12107
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6fecdb9c6edeef8b369e82639bbafb80ccbd4b0818511d98bc6b916d1c7436e7
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 112f624118c8c1378b986d84c923a4eec584623a6842cfac09641ad920c12107
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03F0F47195030DFBDF00DFE49D89AAEBBBCFB08704F504965E501E2181E774AA448B50
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID: /
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 93eeb8cd0aae5e7f5477656815f3ac7467a2a92899586882455653789a63f7ed
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 24a3f5d839f1553e38fa8621fcf257f10b4da783666e816e2fecd61bbdf06ef1
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93eeb8cd0aae5e7f5477656815f3ac7467a2a92899586882455653789a63f7ed
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3841297650021AAFCB249FB9CC4DEBB7778FB84314F1042AAF905D7280E6749D41CB50
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00816918
• FindClose.KERNEL32(00000000), ref: 00816961
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00824891,?,?,00000035,?), ref: 008137E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00824891,?,?,00000035,?), ref: 008137F4
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0080B25D
• keybd_event.USER32(?,7694C0D0,?,00000000), ref: 0080B270
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008011FC), ref: 008010D4
• CloseHandle.KERNEL32(?,?,008011FC), ref: 008010E9
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5b7baf5a06db5ec5c730f5e617f4091626974f3ac041cac08869e1d6213653aa
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ff36d385e482a67fb5821d33e0b8b1a411975169a3cc67559e9d81e160d2b6b7
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b7baf5a06db5ec5c730f5e617f4091626974f3ac041cac08869e1d6213653aa
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37E0BF72014A10EEEB252B51FC09FB777E9FB04720B14882DF5A5904B1DB66ACA0DB50
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          • Variable is not of type 'Object'., xrefs: 007F0C40
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-1840281001
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 52964c1c34eb81641e2c378b4461b2ad6f92125a0b28cc72ef7be8dc21dac04f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 25e1e6620dbd5b4f4cbb92fa87ae384d2d1e74006b255ae629a39366f45339f3
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52964c1c34eb81641e2c378b4461b2ad6f92125a0b28cc72ef7be8dc21dac04f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18329D70A00218EFCF15DF94C885AFDB7B5BF86304F144259E906AB392D739AE45CBA1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007D6766,?,?,00000008,?,?,007DFEFE,00000000), ref: 007D6998
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8046c68c1948cb0d173faf9cfab85002e20096a3f295ec34a1c38d7a60162132
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 11cac8d085c5e5c2980c476d32e8384579dc9cef980a12bab3bf175531daf934
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8046c68c1948cb0d173faf9cfab85002e20096a3f295ec34a1c38d7a60162132
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FB127716106099FD715CF28C48AB657BB0FF45364F25865AE8D9CF3A2C339E991CB40
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2b2df217029a70db938c473842e2fd06ac159179a838da99de7330e9bb3119d2
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 63f046b375b9739203e6dcac095d92028cb62b5a8804c174fa1e604ebffa5e8b
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b2df217029a70db938c473842e2fd06ac159179a838da99de7330e9bb3119d2
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9125D759002299BCB64CF58C8807FEB7F5FF48710F14819AE949EB251EB789A81CB91
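The per-function records above (the APIs, Strings, Memory Dump Source and Similarity blocks) are quicker to triage when parsed than when read one at a time. The Python below is an added example, not part of the Joe Sandbox report or its tooling. It reads records in this layout from a constructed sample that mirrors the CloseHandle, "Variable is not of type 'Object'.", RaiseException and BlockInput records on this page (the AdjustTokenPrivileges call in the first record and the BlockInput record's API ID are assumptions added to illustrate the checks; fuzzy hashes are omitted), flags calls on an assumed triage watchlist, decodes the RaiseException status argument (C000000D is STATUS_INVALID_PARAMETER), and reproduces the report's "API ID" field as the alphabetically sorted CamelCase words of the called APIs. That derivation matches every record on this page but is an observation, not documented Joe Sandbox behaviour.

```python
"""Parse Joe Sandbox per-function records and triage them. Added example, not Joe Sandbox tooling."""
import re

# Constructed sample in the report's layout. The AdjustTokenPrivileges call and the
# BlockInput record's API ID are assumed; the other values mirror records on this page.
SAMPLE = """\
APIs
• AdjustTokenPrivileges.ADVAPI32(00000000,00000000,?,00000010,00000000,00000000), ref: 008010D0
• CloseHandle.KERNEL32(?,?,008011FC), ref: 008010E9
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
Strings
• Variable is not of type 'Object'., xrefs: 007F0C40
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008), ref: 007D6998
Similarity
• API ID: ExceptionRaise
APIs
• BlockInput.USER32(00000001), ref: 0081EABD
Similarity
• API ID: BlockInput
"""

API_RE = re.compile(r"^•\s*(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]+)$")
STR_RE = re.compile(r"^•\s*(.*),\s*xrefs:\s*([0-9A-Fa-f]+)$")
CAMEL_RE = re.compile(r"[A-Z][a-z0-9]*")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


def parse_records(text):
    """Records as dicts: apis [(name, module, args, ref)], strings [(text, xref)], source, similarity."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            # A record opens with APIs or Strings; after its Similarity block, the next one starts a new record.
            if line in ("APIs", "Strings") and (rec is None or rec["similarity"]):
                rec = {"apis": [], "strings": [], "source": {}, "similarity": {}}
                records.append(rec)
            section = line
        elif rec is not None and line.startswith("•"):
            if section == "APIs":
                if m := API_RE.match(line):
                    args = [a.strip() for a in m[3].split(",") if a.strip()]
                    rec["apis"].append((m[1], m[2], args, m[4]))
            elif section == "Strings":
                if m := STR_RE.match(line):
                    rec["strings"].append((m[1], m[2]))
            else:
                key, _, value = line[1:].partition(":")
                if section == "Similarity":
                    rec["similarity"][key.strip()] = value.strip()
                else:  # Memory Dump Source / IDA Plugin: keys such as "Associated" repeat
                    rec["source"].setdefault(key.strip(), []).append(value.strip())
    return records


def derive_api_id(api_names):
    """Sorted CamelCase words of all called APIs; matches this page's records (observed, not documented)."""
    return "".join(sorted(w for n in api_names for w in CAMEL_RE.findall(n)))


def api_id_mismatches(records):
    out = []
    for rec in records:
        if rec["apis"]:
            reported = rec["similarity"].get("API ID", "")
            derived = derive_api_id(name for name, *_ in rec["apis"])
            if reported != derived:
                out.append((reported, derived))
    return out


# Assumed triage watchlist; not Joe Sandbox's signature-to-API mapping.
WATCHLIST = {"BlockInput": "blocks mouse/keyboard input (anti-analysis)",
             "IsDebuggerPresent": "debugger check",
             "AdjustTokenPrivileges": "changes token privileges",
             "RaiseException": "raises an SEH exception; see raised_status_codes()"}
NTSTATUS = {0xC000000D: "STATUS_INVALID_PARAMETER"}  # the only status code seen on this page


def flag_watchlist(records, watchlist=WATCHLIST):
    """(api, ref, reason) for every call whose API name is on the watchlist."""
    return [(name, ref, watchlist[name]) for rec in records
            for name, _mod, _args, ref in rec["apis"] if name in watchlist]


def raised_status_codes(records):
    """(ref, code, symbolic name) for RaiseException calls whose first argument is concrete."""
    out = []
    for rec in records:
        for name, _mod, args, ref in rec["apis"]:
            if name == "RaiseException" and args and re.fullmatch(r"[0-9A-Fa-f]{8}", args[0]):
                code = int(args[0], 16)
                out.append((ref, code, NTSTATUS.get(code, "unknown")))
    return out
```

Feed the text of a report's function listing to `parse_records` and then run `flag_watchlist`, `raised_status_codes` and `api_id_mismatches` over the result; on the sample, the watchlist hits are AdjustTokenPrivileges at 008010D0, RaiseException at 007D6998 and BlockInput at 0081EABD, the RaiseException code decodes to STATUS_INVALID_PARAMETER, and no API ID mismatches are reported. Records whose APIs are listed only partially (as when a listing is cut across pages) will show up as mismatches, which is the useful signal: it tells you the record's API list is incomplete rather than that the derivation is wrong.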
APIs
• BlockInput.USER32(00000001), ref: 0081EABD
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 01b555f33eb6fa3239270827781afca896ef22a1b525a625725399b1bfccbd87
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a074065b655dae1028457ba1e9665d98c87b2af03504c3bb3321d7053955ccff
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01b555f33eb6fa3239270827781afca896ef22a1b525a625725399b1bfccbd87
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54E01A32200214AFC710EF69D809E9AB7EDFFA9760F04841AFC4AD7251DA74A8808B91
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007C03EE), ref: 007C09DA
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 48ae29b193c6014cc2456281f437e8128a70aa0192eacc4b00763c21bdb87285
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a0c548133a1754d58c95fb17838b0e8be89f2e18bb6217b5730156a7630ec501
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48ae29b193c6014cc2456281f437e8128a70aa0192eacc4b00763c21bdb87285
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a349f7066708532d8260f9d3238000e9a9cc3d2103b1c824e223ac27d0897630
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B351897160C7059BDF3C8528889EFBE23D99B12340F18050DEA82DB282CE2DEE41DF52
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 680daa201edaa774daa166ba4707891198fb1334be97fd7ee6e429615a746918
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 81750ac0158bd8caf8b4e77970b8ac0c8cdb345af9b761979b5f9d8885f8ee87
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 680daa201edaa774daa166ba4707891198fb1334be97fd7ee6e429615a746918
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1322126D29F414DD7279634D822335A299BFB73C5F55C737F81AB5AA6EB28C4838100
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8f505a52476004574bdd571bbdb52c0ac9b0f8db2851e9dde98d8e3c6eeb102c
• Instruction ID: 47e4e85f0b5cc50ad05d57a6dfdc2aec34627415fde53a12ade49bf0ccd630f0
• Opcode Fuzzy Hash: 8f505a52476004574bdd571bbdb52c0ac9b0f8db2851e9dde98d8e3c6eeb102c
• Instruction Fuzzy Hash: FF324831A0410D8BDF2ACF28C6906BD7BA1EB45310F28D56AD64ACB391E73CDD81DB61
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9478070bfe3527ead40da52038c4c22e2d0bd9b975a1b201d9748f2fe42077d9
• Instruction ID: ebe04872e69a4b14c25b2b15ea26a00c5d7cba83d36f24b94be1f514d406614d
• Opcode Fuzzy Hash: 9478070bfe3527ead40da52038c4c22e2d0bd9b975a1b201d9748f2fe42077d9
• Instruction Fuzzy Hash: 3822C3B0A00609DFDF14CF69D985AAEB3F6FF89304F104629E816A7291E739ED11CB50
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d0478252fd44fc9e806005b630dbab967edf5a3a9cd695416b251e7e45af8e53
• Instruction ID: f111c21bf1edaa1c819ab6b9828c5e7ad1b72321de2dcadccb717a267286d3d0
• Opcode Fuzzy Hash: d0478252fd44fc9e806005b630dbab967edf5a3a9cd695416b251e7e45af8e53
• Instruction Fuzzy Hash: 5002C6B0A01105EBDB04DF65D885BAEB7B1FF48300F118569E9169B391EB39EE20CB91
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 053f38c0d07bfb0de83c07b89938a05ace7733822ca4eb04dd2c2af32e4d746f
• Instruction ID: bbcf4554da4aade6636ecb38f5b48d810aa4ad42934feb6ae17575d59a3bec7a
• Opcode Fuzzy Hash: 053f38c0d07bfb0de83c07b89938a05ace7733822ca4eb04dd2c2af32e4d746f
• Instruction Fuzzy Hash: 9FB1F134D2AF414DC2239A399831336B65CBFBB6D5F91D71BFC1674E22EB2286838140
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0e36b8765f4a21ee93cd114532d14a027efcd8e35f3db6690fd663334f4f289f
• Instruction ID: 2bf92869bb722952dcfd77c65f1b0bcc6fa65fd60ebeafc42453c71a2c9dc081
• Opcode Fuzzy Hash: 0e36b8765f4a21ee93cd114532d14a027efcd8e35f3db6690fd663334f4f289f
• Instruction Fuzzy Hash: 9F6159B1208749A7DB3C9E2C8D95FBE2398DF41710F14491EE842DB281DE1DAE42CF66
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 600d75bbfcbe9972aac6f307cd9c785854f0a9aa2e5c56e0a9b6ca15f6fba828
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 999cd826d03874b346c7d2ce3fd8ee7f1c50189c7ea38e021cec72f58de93f06
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 600d75bbfcbe9972aac6f307cd9c785854f0a9aa2e5c56e0a9b6ca15f6fba828
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4616872708709A7DA3C5A284896FBF2398AF42740F10495EF943DB281DE1EED42CF56
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4de33d19aec516f7fbdc69269f72a7e2144ea759fe8389c651eb1ea6405bb218
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a7fa3e1e114c9cd6e0809d23e47ff688cc983fd6e7bf1932a2d1c0b2b6d6877b
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4de33d19aec516f7fbdc69269f72a7e2144ea759fe8389c651eb1ea6405bb218
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F721A8326206118BD728CF79C8266BA73E9FB64310F15862EE4A7C37D5DE39E944CB40
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00822B30
                                                                                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00822B43
                                                                                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00822B52
                                                                                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00822B6D
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00822B74
                                                                                                                                                                                                                                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00822CA3
                                                                                                                                                                                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00822CB1
                                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00822CF8
                                                                                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00822D04
                                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00822D40
                                                                                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00822D62
                                                                                                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00822D75
                                                                                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00822D80
                                                                                                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00822D89
                                                                                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00822D98
                                                                                                                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00822DA1
                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00822DA8
                                                                                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00822DB3
                                                                                                                                                                                                                                                                                                                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00822DC5
                                                                                                                                                                                                                                                                                                                                                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,0083FC38,00000000), ref: 00822DDB
                                                                                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00822DEB
                                                                                                                                                                                                                                                                                                                                                                          • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00822E11
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00822E30
                                                                                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00822E52
                                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0082303F
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: 1d3112fc4a0015372f36b733d6fd3ff1ea76d8b20e08914e45ac6aadf30e478e
• Instruction ID: 1673f5963e43313968e21f777af3b425ba46bd66a296c64d6d7c2faeccf7120c
• Instruction Fuzzy Hash: 56026A71900218EFDB14DF68DC89EAE7BB9FB89310F048558F915AB2A1DB74ED41CB60
APIs
• SetTextColor.GDI32(?,00000000), ref: 0083712F
• GetSysColorBrush.USER32(0000000F), ref: 00837160
• GetSysColor.USER32(0000000F), ref: 0083716C
• SetBkColor.GDI32(?,000000FF), ref: 00837186
• SelectObject.GDI32(?,?), ref: 00837195
• InflateRect.USER32(?,000000FF,000000FF), ref: 008371C0
• GetSysColor.USER32(00000010), ref: 008371C8
• CreateSolidBrush.GDI32(00000000), ref: 008371CF
• FrameRect.USER32(?,?,00000000), ref: 008371DE
• DeleteObject.GDI32(00000000), ref: 008371E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00837230
• FillRect.USER32(?,?,?), ref: 00837262
• GetWindowLongW.USER32(?,000000F0), ref: 00837284
  • Part of subcall function 008373E8: GetSysColor.USER32(00000012), ref: 00837421
  • Part of subcall function 008373E8: SetTextColor.GDI32(?,?), ref: 00837425
  • Part of subcall function 008373E8: GetSysColorBrush.USER32(0000000F), ref: 0083743B
  • Part of subcall function 008373E8: GetSysColor.USER32(0000000F), ref: 00837446
  • Part of subcall function 008373E8: GetSysColor.USER32(00000011), ref: 00837463
  • Part of subcall function 008373E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00837471
  • Part of subcall function 008373E8: SelectObject.GDI32(?,00000000), ref: 00837482
  • Part of subcall function 008373E8: SetBkColor.GDI32(?,00000000), ref: 0083748B
  • Part of subcall function 008373E8: SelectObject.GDI32(?,?), ref: 00837498
  • Part of subcall function 008373E8: InflateRect.USER32(?,000000FF,000000FF), ref: 008374B7
  • Part of subcall function 008373E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008374CE
  • Part of subcall function 008373E8: GetWindowLongW.USER32(00000000,000000F0), ref: 008374DB
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: fa40b98ab0a7d6f00cf4398141eb3b33e10e4b044b69031b0428cd27560527bc
• Instruction ID: 32d13918df49c3231cf05ab3e932d69e42218c8175075bdba014c056152d14df
• Instruction Fuzzy Hash: 3BA16F72008301AFDB119F64DC48E6B7BA9FBC9321F100E19F962E61E1D775E944DB91
APIs
• DestroyWindow.USER32(00000000), ref: 0082273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0082286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008228A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008228B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00822900
• GetClientRect.USER32(00000000,?), ref: 0082290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00822955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00822964
• GetStockObject.GDI32(00000011), ref: 00822974
• SelectObject.GDI32(00000000,00000000), ref: 00822978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00822988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00822991
• DeleteDC.GDI32(00000000), ref: 0082299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008229C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 008229DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00822A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00822A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 00822A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00822A77
• GetStockObject.GDI32(00000011), ref: 00822A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00822A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00822A97
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                                          • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d7e2d47c880ff926043418a3ebcf4bc1a242b87ebb09201496a81db5fc6c8da9
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5ae498f194a262704f136def27f25184a18bfb457e0caa3a2a9f091058690165
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7e2d47c880ff926043418a3ebcf4bc1a242b87ebb09201496a81db5fc6c8da9
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FB14A71A00219AFEB14DF68DC8AEAE7BA9FB49710F008614F915E7691D774ED40CBA0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 00814AED
                                                                                                                                                                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,0083CB68,?,\\.\,0083CC08), ref: 00814BCA
                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,0083CB68,?,\\.\,0083CC08), ref: 00814D36
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: f7adff8bb016d57c5b05b128d53e61ec3c7b9a178935330d90b4e2539c08a383
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b91fee73f3a0fea77c44a75e5cc2424f6e2875c825d076851385dda1f3731a90
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7adff8bb016d57c5b05b128d53e61ec3c7b9a178935330d90b4e2539c08a383
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D61D330605149DBCB04DF64CA82DECB7A8FF86744B249115F816EB291EB3ADD91DB81
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000012), ref: 00837421
                                                                                                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 00837425
                                                                                                                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 0083743B
                                                                                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00837446
                                                                                                                                                                                                                                                                                                                                                                          • CreateSolidBrush.GDI32(?), ref: 0083744B
                                                                                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000011), ref: 00837463
                                                                                                                                                                                                                                                                                                                                                                          • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00837471
                                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00837482
                                                                                                                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 0083748B
                                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00837498
                                                                                                                                                                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 008374B7
                                                                                                                                                                                                                                                                                                                                                                          • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008374CE
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 008374DB
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0083752A
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00837554
                                                                                                                                                                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FD,000000FD), ref: 00837572
                                                                                                                                                                                                                                                                                                                                                                          • DrawFocusRect.USER32(?,?), ref: 0083757D
                                                                                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000011), ref: 0083758E
                                                                                                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00837596
                                                                                                                                                                                                                                                                                                                                                                          • DrawTextW.USER32(?,008370F5,000000FF,?,00000000), ref: 008375A8
                                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 008375BF
                                                                                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 008375CA
                                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 008375D0
                                                                                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 008375D5
                                                                                                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 008375DB
                                                                                                                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 008375E5
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: 78fc5ec5793bee185b3161953c796fbf20fd92b11ab0cfc5111521be17122f3e
• Instruction ID: 32b05e7d703dee099e88edd28a0069222f6a6b141d7f7d2b3cb5df24b373bf9f
• Opcode Fuzzy Hash: 78fc5ec5793bee185b3161953c796fbf20fd92b11ab0cfc5111521be17122f3e
• Instruction Fuzzy Hash: D2617B72900218AFDF119FA4DC49EEEBFB9FB88320F104915F911BB2A1D775A940DB90
APIs
• GetCursorPos.USER32(?), ref: 00831128
• GetDesktopWindow.USER32 ref: 0083113D
• GetWindowRect.USER32(00000000), ref: 00831144
• GetWindowLongW.USER32(?,000000F0), ref: 00831199
• DestroyWindow.USER32(?), ref: 008311B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 008311ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0083120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0083121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00831232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00831245
• IsWindowVisible.USER32(00000000), ref: 008312A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 008312BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 008312D0
• GetWindowRect.USER32(00000000,?), ref: 008312E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 0083130E
• GetMonitorInfoW.USER32(00000000,?), ref: 00831328
• CopyRect.USER32(?,?), ref: 0083133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 008313AA
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: 6318f339b59fa94e494466b02a8e353a6d04f47aa73301ebf099c3ac9aa5a125
• Instruction ID: 27dfb50a215d735f8941a388320fd77fb9fe614ff48c85da38180171b6b61466
• Opcode Fuzzy Hash: 6318f339b59fa94e494466b02a8e353a6d04f47aa73301ebf099c3ac9aa5a125
• Instruction Fuzzy Hash: 1CB17A71608341AFDB04DF64C889B6ABBE4FFC8740F008918F999EB261D735E844CB92
APIs
• CharUpperBuffW.USER32(?,?), ref: 008302E5
• _wcslen.LIBCMT ref: 0083031F
• _wcslen.LIBCMT ref: 00830389
• _wcslen.LIBCMT ref: 008303F1
• _wcslen.LIBCMT ref: 00830475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 008304C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00830504
  • Part of subcall function 007BF9F2: _wcslen.LIBCMT ref: 007BF9FD
  • Part of subcall function 0080223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00802258
  • Part of subcall function 0080223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0080228A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: f6a9db61a119f1edd8d51baffee24913ddd9b5cf45d4c3fc1278e74e58621b1a
• Instruction ID: 22b8f288b78e1fa69114188d27db597df21f52eaf194e905d292846add89f4df
• Opcode Fuzzy Hash: f6a9db61a119f1edd8d51baffee24913ddd9b5cf45d4c3fc1278e74e58621b1a
• Instruction Fuzzy Hash: 84E18B312182059BC714DF24C96192AB3E6FFD8718F144A5CF896EB3A6DB34ED45CB82
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007B8968
• GetSystemMetrics.USER32(00000007), ref: 007B8970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007B899B
• GetSystemMetrics.USER32(00000008), ref: 007B89A3
• GetSystemMetrics.USER32(00000004), ref: 007B89C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007B89E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007B89F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 007B8A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007B8A3C
• GetClientRect.USER32(00000000,000000FF), ref: 007B8A5A
• GetStockObject.GDI32(00000011), ref: 007B8A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 007B8A81
  • Part of subcall function 007B912D: GetCursorPos.USER32(?), ref: 007B9141
  • Part of subcall function 007B912D: ScreenToClient.USER32(00000000,?), ref: 007B915E
  • Part of subcall function 007B912D: GetAsyncKeyState.USER32(00000001), ref: 007B9183
  • Part of subcall function 007B912D: GetAsyncKeyState.USER32(00000002), ref: 007B919D
• SetTimer.USER32(00000000,00000000,00000028,007B90FC), ref: 007B8AA8
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 07f91df87db3bd8ccd172721b73605eb070f08aba41618374722527f9cf1ad3b
• Instruction ID: 99608de9c6b64b7e658f0a6ec16447f21179b97d0398387a42b40fcb079f3581
• Opcode Fuzzy Hash: 07f91df87db3bd8ccd172721b73605eb070f08aba41618374722527f9cf1ad3b
• Instruction Fuzzy Hash: 14B12875A0020AEFDF14DFA8DC49BEA7BB5FB48314F104629FA15A7290DB78E841CB51
APIs
  • Part of subcall function 008010F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00801114
  • Part of subcall function 008010F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00800B9B,?,?,?), ref: 00801120
  • Part of subcall function 008010F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00800B9B,?,?,?), ref: 0080112F
  • Part of subcall function 008010F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00800B9B,?,?,?), ref: 00801136
  • Part of subcall function 008010F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0080114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00800DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00800E29
• GetLengthSid.ADVAPI32(?), ref: 00800E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00800E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00800E96
• GetLengthSid.ADVAPI32(?), ref: 00800EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00800EB5
• HeapAlloc.KERNEL32(00000000), ref: 00800EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00800EDD
• CopySid.ADVAPI32(00000000), ref: 00800EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00800F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00800F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00800F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00800F6E
• HeapFree.KERNEL32(00000000), ref: 00800F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00800F7E
• HeapFree.KERNEL32(00000000), ref: 00800F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00800F8E
• HeapFree.KERNEL32(00000000), ref: 00800F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 00800FA1
• HeapFree.KERNEL32(00000000), ref: 00800FA8
  • Part of subcall function 00801193: GetProcessHeap.KERNEL32(00000008,00800BB1,?,00000000,?,00800BB1,?), ref: 008011A1
  • Part of subcall function 00801193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00800BB1,?), ref: 008011A8
  • Part of subcall function 00801193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00800BB1,?), ref: 008011B7
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0082C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0083CC08,00000000,?,00000000,?,?), ref: 0082C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0082C5A4
• _wcslen.LIBCMT ref: 0082C5F4
• _wcslen.LIBCMT ref: 0082C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0082C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0082C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0082C84D
• RegCloseKey.ADVAPI32(?), ref: 0082C881
• RegCloseKey.ADVAPI32(00000000), ref: 0082C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0082C960
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
APIs
• CharUpperBuffW.USER32(?,?), ref: 008309C6
• _wcslen.LIBCMT ref: 00830A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00830A54
• _wcslen.LIBCMT ref: 00830A8A
• _wcslen.LIBCMT ref: 00830B06
• _wcslen.LIBCMT ref: 00830B81
  • Part of subcall function 007BF9F2: _wcslen.LIBCMT ref: 007BF9FD
  • Part of subcall function 00802BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00802BFA
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 80f9d949e2ba7853d835a3357c8e4f160fa4b6ee2afd5cf1fe18242d32cde12f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 02909750e756fcec2c9291de52c3d359eda32428fd66c9567a31b41bdc84437c
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80f9d949e2ba7853d835a3357c8e4f160fa4b6ee2afd5cf1fe18242d32cde12f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D71E47260453A8BCB20DE7CED51ABE3391FFA1764B250529F856E7284E635DDC4C3A0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0083835A
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0083836E
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00838391
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008383B4
                                                                                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 008383F2
                                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00835BF2), ref: 0083844E
                                                                                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00838487
                                                                                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 008384CA
                                                                                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00838501
                                                                                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 0083850D
                                                                                                                                                                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0083851D
                                                                                                                                                                                                                                                                                                                                                                          • DestroyIcon.USER32(?,?,?,?,?,00835BF2), ref: 0083852C
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00838549
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00838555
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                                          • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b24eb405d0cabdfaada15d8a4ac03f7dbb6c127ed68c020e5ea1ab31883fcd07
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fb6d5fd7aa7be9c600e63d33e05ad71f01ec4ba888e40964bca0dd6eaec6ffef
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b24eb405d0cabdfaada15d8a4ac03f7dbb6c127ed68c020e5ea1ab31883fcd07
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE61AF72940319FEEB14DF64CC45BBE77A8FB88B11F104609F815E61D1DBB8A994CBA0
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8ededa2ac647eb0ff3ce2cfbc23c61ec26ffe4bbfcedc4e1a45f945b5062dd22
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5ad688a7ffda83757b2c02b0df33b06c13206d885b048082db4f1ae675f76b16
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ededa2ac647eb0ff3ce2cfbc23c61ec26ffe4bbfcedc4e1a45f945b5062dd22
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C981F971A04609FBDB24AF64DC46FAE7768FF96300F044128F914AA292EB7CD911D7E1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • CharLowerBuffW.USER32(?,?), ref: 00813EF8
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00813F03
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00813F5A
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00813F98
                                                                                                                                                                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?), ref: 00813FD6
                                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0081401E
                                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00814059
                                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00814087
                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: SendString_wcslen$BuffCharDriveLowerType
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 1839972693-4113822522
• Opcode ID: ffed861f654d425fb54fc2f6afc588f2901d78f42e094636dab5bceb7bea510b
• Instruction ID: cce4685344f1b149ecd44fdb066793c438d07228f642dff60d29868acbd2a76a
• Opcode Fuzzy Hash: ffed861f654d425fb54fc2f6afc588f2901d78f42e094636dab5bceb7bea510b
• Instruction Fuzzy Hash: 8771F3726046119FC310DF24C8808AAB7F8FF99758F104A2DF596D7251EB35DD8ACB91
APIs
• LoadIconW.USER32(00000063), ref: 00805A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00805A40
• SetWindowTextW.USER32(?,?), ref: 00805A57
• GetDlgItem.USER32(?,000003EA), ref: 00805A6C
• SetWindowTextW.USER32(00000000,?), ref: 00805A72
• GetDlgItem.USER32(?,000003E9), ref: 00805A82
• SetWindowTextW.USER32(00000000,?), ref: 00805A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00805AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00805AC3
• GetWindowRect.USER32(?,?), ref: 00805ACC
• _wcslen.LIBCMT ref: 00805B33
• SetWindowTextW.USER32(?,?), ref: 00805B6F
• GetDesktopWindow.USER32 ref: 00805B75
• GetWindowRect.USER32(00000000), ref: 00805B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00805BD3
• GetClientRect.USER32(?,?), ref: 00805BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 00805C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00805C2F
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
• Opcode ID: 68baee50d4610257de4902b172725f772c1bc63aecd4019bf61b99a9227493d4
• Instruction ID: a1eb9e0093e584908e6e28fcbb554f7deb069105609c093e9705b25f6541a491
• Opcode Fuzzy Hash: 68baee50d4610257de4902b172725f772c1bc63aecd4019bf61b99a9227493d4
• Instruction Fuzzy Hash: A6713C31A00B09AFDB60DFA8CE96A6FBBF5FF48714F104918E542E25A0D775A944CF60
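The API listings in these records give the arguments the sandbox resolved, but only as raw hex, so the reader has to know that 0x80 sent with SendMessageW is WM_SETICON, that 0xCC and 0xC5 sent to control 0x3E9 are EM_SETPASSWORDCHAR and EM_LIMITTEXT, and that 0x05 posted to the window is WM_SIZE. Those four together describe a text-input dialog whose edit control masks typed characters and caps their length; whether the sample uses it to prompt for credentials is a separate question the report's own detections address, not something this decode proves. The following Python helper is added here as a triage aid; it is not part of the Joe Sandbox report or of the analysed sample. It parses the bulleted `Name.MODULE(args), ref: addr` lines (including the bracket-less `_wcslen.LIBCMT ref:` form), keeps `?` as an unresolved argument, and names the message ids in SendMessage-family calls as well as the IDC_* system-cursor ids passed to LoadCursorW, which appear in the next record. The sample lines are copied from this record; the constant tables are documented Win32 values, not report data.

```python
"""Triage helper for Joe Sandbox disassembly records: parse the bulleted
'Name.MODULE(args), ref: addr' API lines and decode the numeric constants
that tell an analyst what a function is doing."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: API lines copied from the dialog-setup record of this
# report, plus one LoadCursorW line of the kind found in the following record.
SAMPLE_RECORD = """
• LoadIconW.USER32(00000063), ref: 00805A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00805A40
• SetWindowTextW.USER32(?,?), ref: 00805A57
• GetDlgItem.USER32(?,000003EA), ref: 00805A6C
• GetDlgItem.USER32(?,000003E9), ref: 00805A82
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00805AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00805AC3
• _wcslen.LIBCMT ref: 00805B33
• GetDesktopWindow.USER32 ref: 00805B75
• PostMessageW.USER32(?,00000005,00000000,?), ref: 00805C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00805C2F
• LoadCursorW.USER32(00000000,00007F89), ref: 0081FE27
"""

# One API line: optional bullet, Name.MODULE, optional (args), optional comma, ref: hex
LINE_RE = re.compile(
    r"^\s*•?\s*(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Documented Win32 constants (not taken from the report).
MESSAGE_NAMES = {
    0x0005: "WM_SIZE",
    0x0080: "WM_SETICON",
    0x00C5: "EM_LIMITTEXT",
    0x00CC: "EM_SETPASSWORDCHAR",
    0x0113: "WM_TIMER",
}
CURSOR_NAMES = {
    0x7F00: "IDC_ARROW", 0x7F01: "IDC_IBEAM", 0x7F02: "IDC_WAIT", 0x7F03: "IDC_CROSS",
    0x7F04: "IDC_UPARROW", 0x7F80: "IDC_SIZE", 0x7F81: "IDC_ICON", 0x7F82: "IDC_SIZENWSE",
    0x7F83: "IDC_SIZENESW", 0x7F84: "IDC_SIZEWE", 0x7F85: "IDC_SIZENS", 0x7F86: "IDC_SIZEALL",
    0x7F88: "IDC_NO", 0x7F89: "IDC_HAND", 0x7F8A: "IDC_APPSTARTING", 0x7F8B: "IDC_HELP",
}
# Index of the message-id argument for the message-sending APIs.
MESSAGE_ARG = {"SendMessageW": 1, "PostMessageW": 1, "SendDlgItemMessageW": 2}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]  # None where the sandbox printed '?' (unresolved)
    ref: int                    # address of the call site
    decoded: str = ""           # symbolic name of the interesting constant, if any


def decode_constant(api: str, args: List[Optional[int]]) -> str:
    """Name the message id or cursor resource id carried by a call, or ''."""
    if api in MESSAGE_ARG:
        idx = MESSAGE_ARG[api]
        if idx < len(args) and args[idx] is not None:
            return MESSAGE_NAMES.get(args[idx], f"msg 0x{args[idx]:04X}")
    # LoadCursorW(NULL, id) with a small integer id loads a system cursor.
    if api == "LoadCursorW" and len(args) == 2 and args[0] == 0 and args[1] is not None:
        return CURSOR_NAMES.get(args[1], f"cursor 0x{args[1]:04X}")
    return ""


def parse_line(line: str) -> Optional[ApiCall]:
    """Parse one bulleted API line; return None for headers and other text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args: List[Optional[int]] = []
    if raw:
        for tok in raw.split(","):
            tok = tok.strip()
            args.append(None if tok == "?" else int(tok, 16))
    call = ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16))
    call.decoded = decode_constant(call.api, call.args)
    return call


def parse_record(text: str) -> List[ApiCall]:
    """Parse every API line in a record, skipping non-API lines."""
    return [c for c in (parse_line(l) for l in text.splitlines()) if c is not None]


def decoded_calls(calls: List[ApiCall]) -> List[str]:
    """Human-readable lines for the calls whose constants were recognised."""
    return [f"{c.ref:08X} {c.api} -> {c.decoded}" for c in calls if c.decoded]


if __name__ == "__main__":
    for line in decoded_calls(parse_record(SAMPLE_RECORD)):
        print(line)
```

Pasting a whole record (headers included) into `parse_record` is fine, since non-API lines are dropped; extend `MESSAGE_NAMES` and `MESSAGE_ARG` as further message-sending APIs turn up in other records.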
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 0081FE27
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8A), ref: 0081FE32
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0081FE3D
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F03), ref: 0081FE48
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8B), ref: 0081FE53
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F01), ref: 0081FE5E
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F81), ref: 0081FE69
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F88), ref: 0081FE74
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F80), ref: 0081FE7F
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F86), ref: 0081FE8A
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F83), ref: 0081FE95
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F85), ref: 0081FEA0
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F82), ref: 0081FEAB
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F84), ref: 0081FEB6
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F04), ref: 0081FEC1
                                                                                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 0081FECC
                                                                                                                                                                                                                                                                                                                                                                          • GetCursorInfo.USER32(?), ref: 0081FEDC
                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0081FF1E
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Cursor$Load$ErrorInfoLast
• String ID:
• API String ID: 3215588206-0
• Opcode ID: 6bd6ced27afdaa58daf54f749f164bca95d757c6aceb88aabe7e9fa24c5456c2
• Instruction ID: d3496bb85bf42900962cf32848e735a2743b4827d9bebb09b9b4a13f107678ee
• Opcode Fuzzy Hash: 6bd6ced27afdaa58daf54f749f164bca95d757c6aceb88aabe7e9fa24c5456c2
• Instruction Fuzzy Hash: C44152B0D08319AEDB109FBA8C8985EBFE8FF44354B54452AF11DE7281DB78A941CF91
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007C00C6
  • Part of subcall function 007C00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0087070C,00000FA0,4090BB5B,?,?,?,?,007E23B3,000000FF), ref: 007C011C
  • Part of subcall function 007C00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,007E23B3,000000FF), ref: 007C0127
  • Part of subcall function 007C00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,007E23B3,000000FF), ref: 007C0138
  • Part of subcall function 007C00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007C014E
  • Part of subcall function 007C00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007C015C
  • Part of subcall function 007C00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007C016A
  • Part of subcall function 007C00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007C0195
  • Part of subcall function 007C00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007C01A0
• ___scrt_fastfail.LIBCMT ref: 007C00E7
  • Part of subcall function 007C00A3: __onexit.LIBCMT ref: 007C00A9
Strings
• kernel32.dll, xrefs: 007C0133
• WakeAllConditionVariable, xrefs: 007C0162
• InitializeConditionVariable, xrefs: 007C0148
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 007C0122
• SleepConditionVariableCS, xrefs: 007C0154
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: f3f8906da1bcc036b5cc1c21e736bbc11825eda22e352072e9e656917b0f8ce3
• Instruction ID: a6856baf5acd750a312694457faeb64f79508f3b2a5d7f726579cbe18707ea08
• Opcode Fuzzy Hash: f3f8906da1bcc036b5cc1c21e736bbc11825eda22e352072e9e656917b0f8ce3
• Instruction Fuzzy Hash: 4021D732A45714EBD7115BA4AC0DF6E77E4FB84B51F04052DF915E2392DBBC9C408AD0
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 176396367-1603158881
• Opcode ID: ff721b7032c343d9c0a5af93656864a193106ca76ab3030a99ae343675f4a153
• Instruction ID: 66d19b5e88573320ec7cea33fe297e85834a34fd6fd4b804e9946fe6cda9bb7b
• Opcode Fuzzy Hash: ff721b7032c343d9c0a5af93656864a193106ca76ab3030a99ae343675f4a153
• Instruction Fuzzy Hash: 33E10632A00516EBCB689FA8CC95BEEBBB8FF54710F158119E456F7280DB34AE45C790
APIs
• CharLowerBuffW.USER32(00000000,00000000,0083CC08), ref: 00814527
• _wcslen.LIBCMT ref: 0081453B
• _wcslen.LIBCMT ref: 00814599
• _wcslen.LIBCMT ref: 008145F4
• _wcslen.LIBCMT ref: 0081463F
• _wcslen.LIBCMT ref: 008146A7
  • Part of subcall function 007BF9F2: _wcslen.LIBCMT ref: 007BF9FD
• GetDriveTypeW.KERNEL32(?,00866BF0,00000061), ref: 00814743
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 15890074c87fd1e08fc54b7d4dbf3c46cfcffd89cdaa4d8d9562d622bfaf22f5
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1a276dc792c9f8e2593c2fb41535af8a12776c2c3b3dc952b3ca8f7166f807f7
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15890074c87fd1e08fc54b7d4dbf3c46cfcffd89cdaa4d8d9562d622bfaf22f5
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDB103716083029FC710DF28C890AAAB7E9FFE6764F505A1DF596C7291E734D884CB92
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(00871990), ref: 007E2F8D
                                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(00871990), ref: 007E303D
                                                                                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 007E3081
                                                                                                                                                                                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 007E308A
                                                                                                                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(00871990,00000000,?,00000000,00000000,00000000), ref: 007E309D
                                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007E30A9
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 13b694912ff5e4f9a2213ca3e94332c242d2d99ed6a611bbaf11d1fdc865f464
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 164a313a74850c07075c5a9d311edaf21ab5242b31bc68d97cc67dfa12db5a8b
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13b694912ff5e4f9a2213ca3e94332c242d2d99ed6a611bbaf11d1fdc865f464
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D713A31641255BEFB218F29CC4DFAABF69FF49324F204216F514AA1E1C7B9AD50CB90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,?), ref: 00836DEB
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
                                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00836E5F
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00836E81
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00836E94
                                                                                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00836EB5
                                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,007A0000,00000000), ref: 00836EE4
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00836EFD
                                                                                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00836F16
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00836F1D
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00836F35
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00836F4D
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007B9944: GetWindowLongW.USER32(?,000000EB), ref: 007B9952
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 7e7f274a20acb23d4e9618134841eaacedf31e7ab7a35fdcbdb071f22123bead
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 32f626ba179517b4018f9f91b17710d481c6daaf7a5ea3a7b17b5b8ccb2aa64f
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e7f274a20acb23d4e9618134841eaacedf31e7ab7a35fdcbdb071f22123bead
• Instruction Fuzzy Hash: 94718A70104244AFDB21CF1CD848BAABBE9FBC9304F54491DFA99D7260EB70E956CB61
APIs
  • Part of subcall function 007B9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007B9BB2
• DragQueryPoint.SHELL32(?,?), ref: 00839147
  • Part of subcall function 00837674: ClientToScreen.USER32(?,?), ref: 0083769A
  • Part of subcall function 00837674: GetWindowRect.USER32(?,?), ref: 00837710
  • Part of subcall function 00837674: PtInRect.USER32(?,?,00838B89), ref: 00837720
• SendMessageW.USER32(?,000000B0,?,?), ref: 008391B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 008391BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008391DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00839225
• SendMessageW.USER32(?,000000B0,?,?), ref: 0083923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00839255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00839277
• DragFinish.SHELL32(?), ref: 0083927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00839371
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 221274066-3440237614
• Opcode ID: 6373ef59b121f4e79c5d2068c6f09c968b928f64fddbd8f194f81364e7c14615
• Instruction ID: 9015c89a8db69346d0ce98aac74eae0fbfc3788eca05a7ae60a3bbe4b2a05690
• Opcode Fuzzy Hash: 6373ef59b121f4e79c5d2068c6f09c968b928f64fddbd8f194f81364e7c14615
• Instruction Fuzzy Hash: 25615A71108301AFC701EF64DC89DABBBE8FFC9750F000A1DF695922A1DB749A49CB92
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0081C4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0081C4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0081C4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0081C4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0081C533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0081C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0081C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0081C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0081C5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0081C5F0
• InternetCloseHandle.WININET(00000000), ref: 0081C5FB
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
• Opcode ID: 623be831c51a939dde05dfacb3095624c7fab5bc7c3a49a2feca6bf31bc2ca9e
• Instruction ID: ff1c7f1fd91ee3788b86c3406ee82f9fb956b53f4feccd60775f125246eb8f5f
• Opcode Fuzzy Hash: 623be831c51a939dde05dfacb3095624c7fab5bc7c3a49a2feca6bf31bc2ca9e
• Instruction Fuzzy Hash: E9514BB1540608BFDB218F64C988AFB7BFDFF48754F004519F945E6210DB74E9849B61
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00838592
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008385A2
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008385AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008385BA
• GlobalLock.KERNEL32(00000000), ref: 008385C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008385D7
• GlobalUnlock.KERNEL32(00000000), ref: 008385E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008385E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 008385F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0083FC38,?), ref: 00838611
• GlobalFree.KERNEL32(00000000), ref: 00838621
• GetObjectW.GDI32(?,00000018,?), ref: 00838641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00838671
• DeleteObject.GDI32(?), ref: 00838699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 008386AF
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3840717409-0
APIs
• VariantInit.OLEAUT32(00000000), ref: 00811502
• VariantCopy.OLEAUT32(?,?), ref: 0081150B
• VariantClear.OLEAUT32(?), ref: 00811517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008115FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00811657
• VariantInit.OLEAUT32(?), ref: 00811708
• SysFreeString.OLEAUT32(?), ref: 0081178C
• VariantClear.OLEAUT32(?), ref: 008117D8
• VariantClear.OLEAUT32(?), ref: 008117E7
• VariantInit.OLEAUT32(00000000), ref: 00811823
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
APIs
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
  • Part of subcall function 0082C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0082B6AE,?,?), ref: 0082C9B5
  • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082C9F1
  • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082CA68
  • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0082B6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0082B772
• RegDeleteValueW.ADVAPI32(?,?), ref: 0082B80A
• RegCloseKey.ADVAPI32(?), ref: 0082B87E
• RegCloseKey.ADVAPI32(?), ref: 0082B89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 0082B8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0082B904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0082B922
• FreeLibrary.KERNEL32(00000000), ref: 0082B983
• RegCloseKey.ADVAPI32(00000000), ref: 0082B994
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 30df37ba54b82a91451cd3df4a7a349d4939047d7b17acfb0909d3c7fb951994
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 535e4e9f7050c61bf42af6cb26664f7ab85efdf16c2b0d5b0ef0d5b95ed5bd1b
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30df37ba54b82a91451cd3df4a7a349d4939047d7b17acfb0909d3c7fb951994
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AC1AC31205211EFD714DF14D498F2ABBE5FF85308F18855CE59A8B2A2CB35EC85CB91
APIs
• GetDC.USER32(00000000), ref: 008225D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008225E8
• CreateCompatibleDC.GDI32(?), ref: 008225F4
• SelectObject.GDI32(00000000,?), ref: 00822601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0082266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008226AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008226D0
• SelectObject.GDI32(?,?), ref: 008226D8
• DeleteObject.GDI32(?), ref: 008226E1
• DeleteDC.GDI32(?), ref: 008226E8
• ReleaseDC.USER32(00000000,?), ref: 008226F3
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: c37c634e97c3a7f7c0c8f6f78d6553a53272839278ab52505e23b416b8d92ac1
• Instruction ID: 805bc59b4fe5a7a31c0f8be844015f3108b32db964dcde1bf9efdb23da31e929
• Opcode Fuzzy Hash: c37c634e97c3a7f7c0c8f6f78d6553a53272839278ab52505e23b416b8d92ac1
• Instruction Fuzzy Hash: 7A61D276D00219EFCF14CFA8D884AAEBBB5FF48310F208529E955A7250E774A951DF60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 007DDAA1
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD659
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD66B
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD67D
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD68F
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD6A1
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD6B3
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD6C5
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD6D7
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD6E9
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD6FB
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD70D
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD71F
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007DD63C: _free.LIBCMT ref: 007DD731
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDA96
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007D29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000), ref: 007D29DE
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007D29C8: GetLastError.KERNEL32(00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000,00000000), ref: 007D29F0
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDAB8
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDACD
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDAD8
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDAFA
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDB0D
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDB1B
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDB26
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDB5E
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDB65
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDB82
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DDB9A
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 0080369C
• _wcslen.LIBCMT ref: 008036A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00803797
• GetClassNameW.USER32(?,?,00000400), ref: 0080380C
• GetDlgCtrlID.USER32(?), ref: 0080385D
• GetWindowRect.USER32(?,?), ref: 00803882
• GetParent.USER32(?), ref: 008038A0
• ScreenToClient.USER32(00000000), ref: 008038A7
• GetClassNameW.USER32(?,?,00000100), ref: 00803921
• GetWindowTextW.USER32(?,?,00000400), ref: 0080395D
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00804994
• GetWindowTextW.USER32(?,?,00000400), ref: 008049DA
• _wcslen.LIBCMT ref: 008049EB
• CharUpperBuffW.USER32(?,00000000), ref: 008049F7
• _wcsstr.LIBVCRUNTIME ref: 00804A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00804A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00804A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00804AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00804B20
• GetWindowRect.USER32(?,?), ref: 00804B8B
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
APIs
  • Part of subcall function 007B9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007B9BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00838D5A
• GetFocus.USER32 ref: 00838D6A
• GetDlgCtrlID.USER32(00000000), ref: 00838D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00838E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00838ECF
• GetMenuItemCount.USER32(?), ref: 00838EEC
• GetMenuItemID.USER32(?,00000000), ref: 00838EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00838F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00838F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00838FA1
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1e2862992c9b31acaf015422dfba27eb44b4f71a6a7ba15ce329efa682ad4c8b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7e8ab2ff6ca01f19abc938f5281f9ef9b31fbaad182b268e8889706730e34154
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e2862992c9b31acaf015422dfba27eb44b4f71a6a7ba15ce329efa682ad4c8b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88817971508305EBDB20DF24D888AABBBE9FBC8754F140919F995E7291DB70D901CBA2
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 0080DC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0080DC46
• _wcslen.LIBCMT ref: 0080DC50
• _wcsstr.LIBVCRUNTIME ref: 0080DCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0080DCBC
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: 2db47d0ad370bab61dca523eb8e68264fa700fc26bdf91d1797e2b40ff0edb43
• Instruction ID: 7e22ada7e619e0494e41d60c435de2fac83b0048e2623529473f35f8bacf7cc2
• Opcode Fuzzy Hash: 2db47d0ad370bab61dca523eb8e68264fa700fc26bdf91d1797e2b40ff0edb43
• Instruction Fuzzy Hash: C741D072940305BAEB14A7B49C4BFBF77ACFF85710F10006DF900E6282EA69DA1197A4
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0082CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0082CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0082CD48
  • Part of subcall function 0082CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0082CCAA
  • Part of subcall function 0082CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0082CCBD
  • Part of subcall function 0082CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0082CCCF
  • Part of subcall function 0082CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0082CD05
  • Part of subcall function 0082CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0082CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0082CCF3
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: dc1ce4a8cf7e55660080297a3e9ae4e46c4726dff26b1af0487d59aadafefdc8
• Instruction ID: 83df9d122aa95a8b0021b981bda57ee8bbbeb7c8b3ccb83c872f5ab554a90be2
• Opcode Fuzzy Hash: dc1ce4a8cf7e55660080297a3e9ae4e46c4726dff26b1af0487d59aadafefdc8
• Instruction Fuzzy Hash: D3318C76901128BBDB208B65EC88EFFBB7CFF45740F000565A906E3240DA749E85ABA0
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00813D40
• _wcslen.LIBCMT ref: 00813D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00813D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00813DBE
• RemoveDirectoryW.KERNEL32(?), ref: 00813DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00813E55
• CloseHandle.KERNEL32(00000000), ref: 00813E60
• CloseHandle.KERNEL32(00000000), ref: 00813E6B
Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 09605b888e65675a2cce22f1827d2a579005fc274cb5e9af7403329a54cf66bc
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b106371e5b1a30ef09b8b721c2c4b638177b0d2d84cdb33a6dc017a3bdff8c0e
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09605b888e65675a2cce22f1827d2a579005fc274cb5e9af7403329a54cf66bc
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E03192B2900259ABDB219BA0DC49FEF77BCFF88700F1041B9F515E61A0EB7497848B64
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • timeGetTime.WINMM ref: 0080E6B4
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007BE551: timeGetTime.WINMM(?,?,0080E6D4), ref: 007BE555
                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 0080E6E1
                                                                                                                                                                                                                                                                                                                                                                          • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0080E705
                                                                                                                                                                                                                                                                                                                                                                          • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0080E727
                                                                                                                                                                                                                                                                                                                                                                          • SetActiveWindow.USER32 ref: 0080E746
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0080E754
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0080E773
                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000000FA), ref: 0080E77E
                                                                                                                                                                                                                                                                                                                                                                          • IsWindow.USER32 ref: 0080E78A
                                                                                                                                                                                                                                                                                                                                                                          • EndDialog.USER32(00000000), ref: 0080E79B
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                                          • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4aa88379d8d9304eb5c6a1bea97aca8c99a8ef263e30f6a733d2d14d817c0347
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 27203e1df272b43aada7873e6291ccf0d785933bebba69560b751c9d52f73a23
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4aa88379d8d9304eb5c6a1bea97aca8c99a8ef263e30f6a733d2d14d817c0347
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F216F70200204AFEB50AF64EC8EA263B69FBB4349F140C25F51AD12F1DB75EC409B25
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
                                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0080EA5D
                                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0080EA73
                                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0080EA84
                                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0080EA96
                                                                                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0080EAA7
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 4502f1bdf8170bf9332c55f50e32e8f83575809c43c07c1c1d8efb62b316f097
• Instruction ID: f266bf71d6bc420e77c1971eaed2e25a7d604888be66a27c546151ea7ac81967
• Opcode Fuzzy Hash: 4502f1bdf8170bf9332c55f50e32e8f83575809c43c07c1c1d8efb62b316f097
• Instruction Fuzzy Hash: 86115131A50269B9E720A7A1DC4ADFF6A7CFBD6B40F0509297811E21D1EEB41915C9B0
APIs
• GetDlgItem.USER32(?,00000001), ref: 00805CE2
• GetWindowRect.USER32(00000000,?), ref: 00805CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00805D59
• GetDlgItem.USER32(?,00000002), ref: 00805D69
• GetWindowRect.USER32(00000000,?), ref: 00805D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00805DCF
• GetDlgItem.USER32(?,000003E9), ref: 00805DDD
• GetWindowRect.USER32(00000000,?), ref: 00805DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00805E31
• GetDlgItem.USER32(?,000003EA), ref: 00805E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00805E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00805E67
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 3a370a7e99dfd1b2b50c17eab9869daa1fe4324075b91342a86a635623660b89
• Instruction ID: 66087c7ee6a32c94ef20a56eb5718103e79dbf83da96ad4c2f49ab3fbcc73d81
• Opcode Fuzzy Hash: 3a370a7e99dfd1b2b50c17eab9869daa1fe4324075b91342a86a635623660b89
• Instruction Fuzzy Hash: E851FFB1A00615AFDF18CF68DD89AAE7BB5FB98300F148529F915E6290D7709E04CF60
APIs
• Part of subcall function 007B8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007B8BE8,?,00000000,?,?,?,?,007B8BBA,00000000,?), ref: 007B8FC5
• DestroyWindow.USER32(?), ref: 007B8C81
• KillTimer.USER32(00000000,?,?,?,?,007B8BBA,00000000,?), ref: 007B8D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 007F6973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,007B8BBA,00000000,?), ref: 007F69A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,007B8BBA,00000000,?), ref: 007F69B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,007B8BBA,00000000), ref: 007F69D4
• DeleteObject.GDI32(00000000), ref: 007F69E6
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 34560c2854c47e1adc2bb3c6cdea0f46d9fe3492a2d6dfb66194ae712e238855
• Instruction ID: 5e2323935c3fa1a207381db795fc68b2de067f0cdc4333574848cb5f382319fd
• Opcode Fuzzy Hash: 34560c2854c47e1adc2bb3c6cdea0f46d9fe3492a2d6dfb66194ae712e238855
• Instruction Fuzzy Hash: 9A61DC71102604DFCB658F28C94CBB5BBF5FB40312F14895CE2469AA60CB79E8C1DFA2
APIs
• Part of subcall function 007B9944: GetWindowLongW.USER32(?,000000EB), ref: 007B9952
• GetSysColor.USER32(0000000F), ref: 007B9862
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: a1abbedc67c0a6fdefdc32ffbeb45c062790ebde9f239d1c101eae788b6e9a04
• Instruction ID: 51efcdd2a3effd9f633ed837ed09365666d2458638f89227be9f529befb7c789
• Opcode Fuzzy Hash: a1abbedc67c0a6fdefdc32ffbeb45c062790ebde9f239d1c101eae788b6e9a04
• Instruction Fuzzy Hash: B9417C31104644AFDB215F389C88BF93BB5BB46331F144A19FBB29B2E1D7399842DB10
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID: .|
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-4027933657
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8cbf94ff9e1700a5acdc5ca1846abd1e8dfebfaa2cfcca11c45215890b006102
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 892ab6226552f385a65a41eb1cfbd16ffece8ff68d602fb353f2793115297142
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8cbf94ff9e1700a5acdc5ca1846abd1e8dfebfaa2cfcca11c45215890b006102
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53C1E575A0434AEFDF11DFA8D845BADBBB1BF09310F14415AE518AB392C7389941CF61
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,007EF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00809717
                                                                                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,007EF7F8,00000001), ref: 00809720
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,007EF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00809742
                                                                                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,007EF7F8,00000001), ref: 00809745
                                                                                                                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00809866
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 97c6956fbb368bd20eb216966f9ee1a36198674f43bb665e70170bab4a6ee54c
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d7865b3b1e919aacc9b3d745ae02afff1c6357f44560116e32f5019e142877cb
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97c6956fbb368bd20eb216966f9ee1a36198674f43bb665e70170bab4a6ee54c
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59412D72800219AACF04EBE0CD4ADEEB778FF95340F504565F605B2192EB396F59CB61
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
                                                                                                                                                                                                                                                                                                                                                                          • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008007A2
                                                                                                                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008007BE
                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008007DA
                                                                                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00800804
                                                                                                                                                                                                                                                                                                                                                                          • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0080082C
                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00800837
                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0080083C
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0d6f98ff3565e0cc22050423a099ebcf8f879bdf55d3f31f1d154e8861a3022b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f2d75fcecab8d0773798e954232ffa6a87b5352603ef676c2423fb96b679d85e
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d6f98ff3565e0cc22050423a099ebcf8f879bdf55d3f31f1d154e8861a3022b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC41E772C10229EADF15EFA4DC999EDB778FF44350F144629E915A31A1EB385E04CFA0
APIs
• VariantInit.OLEAUT32(?), ref: 00823C5C
• CoInitialize.OLE32(00000000), ref: 00823C8A
• CoUninitialize.OLE32 ref: 00823C94
• _wcslen.LIBCMT ref: 00823D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00823DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00823ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00823F0E
• CoGetObject.OLE32(?,00000000,0083FB98,?), ref: 00823F2D
• SetErrorMode.KERNEL32(00000000), ref: 00823F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00823FC4
• VariantClear.OLEAUT32(?), ref: 00823FD8
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
APIs
• CoInitialize.OLE32(00000000), ref: 00817AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00817B8F
• SHGetDesktopFolder.SHELL32(?), ref: 00817BA3
• CoCreateInstance.OLE32(0083FD08,00000000,00000001,00866E6C,?), ref: 00817BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00817C74
• CoTaskMemFree.OLE32(?,?), ref: 00817CCC
• SHBrowseForFolderW.SHELL32(?), ref: 00817D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00817D7A
• CoTaskMemFree.OLE32(00000000), ref: 00817D81
• CoTaskMemFree.OLE32(00000000), ref: 00817DD6
• CoUninitialize.OLE32 ref: 00817DDC
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00835504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00835515
• CharNextW.USER32(00000158), ref: 00835544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00835585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0083559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008355AC
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5d504928c1183d5aeff3e32d002a1a6cc7cf1225337d73955a203dfa63cb657f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 84373b7dae2f5e7e31a4dc3e90a3863d5cd805b900d752f584249b9956e151e7
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d504928c1183d5aeff3e32d002a1a6cc7cf1225337d73955a203dfa63cb657f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E619CB1900608EFDF10CF94CC85AFE7BB9FB89724F104549F925EA290D7749A80DBA1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 007FFAAF
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAllocData.OLEAUT32(?), ref: 007FFB08
                                                                                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 007FFB1A
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 007FFB3A
                                                                                                                                                                                                                                                                                                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 007FFB8D
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 007FFBA1
                                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 007FFBB6
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayDestroyData.OLEAUT32(?), ref: 007FFBC3
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 007FFBCC
                                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 007FFBDE
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 007FFBE9
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1d84f42a9c6fc46ff993961af3e7e231face41ae532d36a6cdb0c72d1319c58a
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6c52ae6d493a3b0b11803278dd570f4d01e026e5a974173b66918bf616912594
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d84f42a9c6fc46ff993961af3e7e231face41ae532d36a6cdb0c72d1319c58a
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29414F75A00219EFCB00DF68D8589BEBBB9FF48354F008469E955A7361CB34E945CBA1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 00809CA1
                                                                                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00809D22
                                                                                                                                                                                                                                                                                                                                                                          • GetKeyState.USER32(000000A0), ref: 00809D3D
                                                                                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 00809D57
                                                                                                                                                                                                                                                                                                                                                                          • GetKeyState.USER32(000000A1), ref: 00809D6C
                                                                                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000011), ref: 00809D84
                                                                                                                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00809D96
                                                                                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000012), ref: 00809DAE
                                                                                                                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 00809DC0
                                                                                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 00809DD8
                                                                                                                                                                                                                                                                                                                                                                          • GetKeyState.USER32(0000005B), ref: 00809DEA
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 421ce58021ec4570a47c4eecfc8cf498424438d6ef5c148f0ad9e6275ab9a4db
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ccdfac957260806728e4ec6eae634159bfc25b5ccb2dd83e3eca78f3b17ea5ef
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 421ce58021ec4570a47c4eecfc8cf498424438d6ef5c148f0ad9e6275ab9a4db
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B841B5349447CA6DFFB19664CC043B6BEA0FF51344F08805ADAC6965C3EBA59DC8C7A2
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • WSAStartup.WSOCK32(00000101,?), ref: 008205BC
                                                                                                                                                                                                                                                                                                                                                                          • inet_addr.WSOCK32(?), ref: 0082061C
                                                                                                                                                                                                                                                                                                                                                                          • gethostbyname.WSOCK32(?), ref: 00820628
                                                                                                                                                                                                                                                                                                                                                                          • IcmpCreateFile.IPHLPAPI ref: 00820636
                                                                                                                                                                                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008206C6
                                                                                                                                                                                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008206E5
                                                                                                                                                                                                                                                                                                                                                                          • IcmpCloseHandle.IPHLPAPI(?), ref: 008207B9
                                                                                                                                                                                                                                                                                                                                                                          • WSACleanup.WSOCK32 ref: 008207BF
                                                                                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: 590277c8c448eeb2ab1f17e67d8279dd0bae4e218afbc60c0ccef576442bf9b2
• Instruction ID: 30456090e1c2d602b112af063c91a3e34f323854497bed366605e3407a5368d2
• Opcode Fuzzy Hash: 590277c8c448eeb2ab1f17e67d8279dd0bae4e218afbc60c0ccef576442bf9b2
• Instruction Fuzzy Hash: 63917A75604211AFD320CF15D888B1ABBE0FF88318F1489A9E469DB6A2C735ED81CF91
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: ebc2556130e5074ee7c83d25ab269cc1fdcf897403fb3b957ecbceda8d4421ef
• Instruction ID: 0f3f382dcf87038f0793eda72033f118887dc5cc78af41bebfa5163d7acdbedc
• Opcode Fuzzy Hash: ebc2556130e5074ee7c83d25ab269cc1fdcf897403fb3b957ecbceda8d4421ef
• Instruction Fuzzy Hash: BC51C136A01126EBCF14DFACD9509BEB3A5FF65324B214229E926E72C4DB34DD84C790
APIs
• CoInitialize.OLE32 ref: 00823774
• CoUninitialize.OLE32 ref: 0082377F
• CoCreateInstance.OLE32(?,00000000,00000017,0083FB78,?), ref: 008237D9
• IIDFromString.OLE32(?,?), ref: 0082384C
• VariantInit.OLEAUT32(?), ref: 008238E4
• VariantClear.OLEAUT32(?), ref: 00823936
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: c3072cda4c1b23869926bd3f8df83746746e89e1dadda50d517e8102ddec1b8f
• Instruction ID: c2711f7df050fd2c6fc44756ded11d7d11fa08992aa0bbeb9694fc6ddd43f80c
• Opcode Fuzzy Hash: c3072cda4c1b23869926bd3f8df83746746e89e1dadda50d517e8102ddec1b8f
• Instruction Fuzzy Hash: 8761C170608311AFD710DF54D858B5ABBE8FF89714F000929F995DB291C778EE88CB92
APIs
• GetLocalTime.KERNEL32(?), ref: 00818257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00818267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00818273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00818310
• SetCurrentDirectoryW.KERNEL32(?), ref: 00818324
• SetCurrentDirectoryW.KERNEL32(?), ref: 00818356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0081838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00818395
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 62e291b925e04a8b87fc8f1a7080343c6749eb8bfdbc0a314d1f36e7fcad18af
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4ed66d954486fa75b0ddec48c8d56575ac7e8e6704a1391d39be584abc21fc9a
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62e291b925e04a8b87fc8f1a7080343c6749eb8bfdbc0a314d1f36e7fcad18af
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 876156B2504205EFCB10EF64C8459AEB3E8FF89314F08891EF999D7251EB35E945CB92
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008133CF
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
                                                                                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008133F0
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4ab360ba76b8d8adde6c88e3d7accebb043319e63ae5161a02bc11462da98907
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: dc715814787376f07c19ab4786b391ed94d9f152e01258a1f2ae533fbcdec4c3
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ab360ba76b8d8adde6c88e3d7accebb043319e63ae5161a02bc11462da98907
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E51BD71800219EADF14EBA0CD4AEEEB778FF45740F104165F109B2192EB396FA8CB61
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                          • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 656913af5d3467896efd4c6820d9f6ff1fe01f05498b88d8bf73a679b48396b9
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 22396c6fbf798c09831186729c665c156b475ac9ab05215332f102f9bc143281
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 656913af5d3467896efd4c6820d9f6ff1fe01f05498b88d8bf73a679b48396b9
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB418232A001279BCB605E7D8C915BE77A5FBB1B58B254229E531D72C4F736CD81C790
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 008153A0
                                                                                                                                                                                                                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00815416
                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00815420
                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,READY), ref: 008154A7
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                                          • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: f530ca5de5aef071c8e392fc48a17369d4766f3210eea248fefcd70503801153
• Instruction ID: b083cf12065ce4d1ac40d8e88b7d405e930d8800631a783b818a20f0a6228d61
• Opcode Fuzzy Hash: f530ca5de5aef071c8e392fc48a17369d4766f3210eea248fefcd70503801153
• Instruction Fuzzy Hash: 633192B5A00604DFC710DF68D488AEABBB8FF85305F148065E505DB292EB75DDC6CB91
APIs
• CreateMenu.USER32 ref: 00833C79
• SetMenu.USER32(?,00000000), ref: 00833C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00833D10
• IsMenu.USER32(?), ref: 00833D24
• CreatePopupMenu.USER32 ref: 00833D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00833D5B
• DrawMenuBar.USER32 ref: 00833D63
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: 2f20e76c170e59680b697647c15b439b369b50d70101016732b833c00f435b8d
• Instruction ID: e8055e0aeff228fa0362e893dc21777066a6e7d714280d29c1dec21defd709ec
• Opcode Fuzzy Hash: 2f20e76c170e59680b697647c15b439b369b50d70101016732b833c00f435b8d
• Instruction Fuzzy Hash: A9414875A01209EFDB14DF64D848BAABBB5FF89350F140429F946E7360D730AA10CB94
APIs
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
  • Part of subcall function 00803CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00803CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00801F64
• GetDlgCtrlID.USER32 ref: 00801F6F
• GetParent.USER32 ref: 00801F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00801F8E
• GetDlgCtrlID.USER32(?), ref: 00801F97
• GetParent.USER32(?), ref: 00801FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00801FAE
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 55f2bce1bdceb0fb9a7d320f37b3853773b6025ad0710feb11a97db2dafcf9b2
• Instruction ID: 59239274930a03961b8245163e90020be8e1e7323bf59cf66e040a6e96b3346a
• Opcode Fuzzy Hash: 55f2bce1bdceb0fb9a7d320f37b3853773b6025ad0710feb11a97db2dafcf9b2
• Instruction Fuzzy Hash: 0521B070A00214BBDF44AFA0CC899EEBBB8FF56360F004519F961A72D1DB3859149B60
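The SendMessageW entries in the block above (0000018C, 00000111) and in the list-view function listed next (00001004, 0000104D, 00001074 and the other 0x10xx values) print raw message IDs, and the argument slots are static stack-slot reconstructions, so the message ID does not always sit in the second position (compare the calls at 00833A9D and 00833AA0). The decoder below is an added triage example, not part of the Joe Sandbox report or of the analysed sample. It maps those constants to their Windows SDK names (values from winuser.h and commctrl.h; the tables cover only the constants on this page plus a few neighbours), falls back to scanning the other slots when the message slot is unknown, and treats the 000000F0 passed to GetWindowLongW as a sign-extended immediate (-16, GWL_STYLE), which is an assumption about how the listing renders negative constants. The sample lines embedded in it are copied from the report.

```python
"""Decode raw Win32 message IDs in Joe Sandbox "APIs" lines (added triage
helper, not part of the report). Constant values are from the Windows SDK
headers winuser.h and commctrl.h; SAMPLE_LINES are copied from the page."""
import re
from typing import Optional

WM_MESSAGES = {0x0111: "WM_COMMAND"}                      # winuser.h
LB_MESSAGES = {                                           # winuser.h, "ListBox" only
    0x0180: "LB_ADDSTRING", 0x0182: "LB_DELETESTRING", 0x0184: "LB_RESETCONTENT",
    0x0186: "LB_SETCURSEL", 0x018B: "LB_GETCOUNT", 0x018C: "LB_SELECTSTRING",
}
LVM_FIRST = 0x1000                                        # commctrl.h, list-view
LVM_MESSAGES = {
    LVM_FIRST + 4: "LVM_GETITEMCOUNT", LVM_FIRST + 8: "LVM_DELETEITEM",
    LVM_FIRST + 29: "LVM_GETCOLUMNWIDTH", LVM_FIRST + 30: "LVM_SETCOLUMNWIDTH",
    LVM_FIRST + 31: "LVM_GETHEADER", LVM_FIRST + 77: "LVM_INSERTITEMW",
    LVM_FIRST + 87: "LVM_GETSTRINGWIDTHW", LVM_FIRST + 116: "LVM_SETITEMTEXTW",
}
GWL_INDEXES = {-4: "GWL_WNDPROC", -8: "GWL_HWNDPARENT", -12: "GWL_ID",
               -16: "GWL_STYLE", -20: "GWL_EXSTYLE", -21: "GWL_USERDATA"}

# One report line, with or without an argument list:
#   "• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00833A9D"
#   "• CreateMenu.USER32 ref: 00833C79"
API_LINE = re.compile(
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)"
)

SAMPLE_LINES = [  # copied from the list-view function block on this page
    "• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00833A9D",
    "• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00833AA0",
    "• GetWindowLongW.USER32(?,000000F0), ref: 00833AC7",
    "• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00833AEA",
    "• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00833B62",
    "• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00833BAC",
    "• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00833BC7",
    "• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00833BE2",
    "• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00833BF6",
    "• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00833C13",
]


def message_name(msg: int) -> str:
    """Symbolic name for a message ID, or a labelled unknown."""
    for table in (WM_MESSAGES, LB_MESSAGES, LVM_MESSAGES):
        if msg in table:
            return table[msg]
    if msg >= LVM_FIRST:
        return f"LVM_FIRST+{msg - LVM_FIRST} (not in table)"
    return f"0x{msg:04X} (not in table)"


def gwl_index_name(raw: int) -> str:
    """GetWindowLong indexes are negative; the listing prints the immediate as
    encoded (assumed 8-bit or 32-bit two's complement), so sign-extend first:
    0xF0 -> -16 -> GWL_STYLE."""
    if raw < 0x100 and raw & 0x80:
        raw -= 0x100
    elif raw >= 0x80000000:
        raw -= 1 << 32
    return GWL_INDEXES.get(raw, f"{raw} (not in table)")


def parse_arg(token: str) -> Optional[int]:
    """'?' means the static pass could not recover the value."""
    token = token.strip()
    return None if token == "?" else int(token, 16)


def decode_line(line: str) -> Optional[dict]:
    """Parse one 'APIs' line and decode the constant that matters for triage."""
    m = API_LINE.search(line)
    if not m:
        return None
    args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
    entry = {"api": m["api"], "ref": m["ref"], "args": args, "decoded": None}
    if m["api"] == "SendMessageW" and len(args) == 4:
        if args[1] is not None:
            entry["decoded"] = message_name(args[1])
        else:
            # Message slot unknown: the slots are stack-slot guesses, so look
            # for a known ID elsewhere and flag the uncertainty.
            known = [a for a in args if a is not None and
                     any(a in t for t in (WM_MESSAGES, LB_MESSAGES, LVM_MESSAGES))]
            if known:
                entry["decoded"] = f"{message_name(known[0])} (slot uncertain)"
    elif m["api"] == "GetWindowLongW" and len(args) == 2 and args[1] is not None:
        entry["decoded"] = gwl_index_name(args[1])
    return entry


def decode_block(lines) -> list:
    """Decode a whole function block into (ref, api, decoded) tuples."""
    decoded = [decode_line(line) for line in lines]
    return [(e["ref"], e["api"], e["decoded"]) for e in decoded if e is not None]


if __name__ == "__main__":
    for ref, api, name in decode_block(SAMPLE_LINES):
        print(f"{ref}  {api:<16} {name}")
```

Read through the decoder, the block at 00833A9D becomes LVM_GETHEADER, GWL_STYLE, LVM_GETITEMCOUNT, LVM_INSERTITEMW, LVM_SETITEMTEXTW, LVM_GETSTRINGWIDTHW, LVM_GETCOLUMNWIDTH, LVM_SETCOLUMNWIDTH and LVM_DELETEITEM: an item is inserted, its text set, the text measured, the column widened to fit, and the item removed on failure. That is list-view bookkeeping of the kind a GUI runtime performs, which fits the "compiled AutoIt script" signature in the overview rather than anything the Credential Flusher detection rests on; the block at 00801F64 likewise selects a list-box entry and then posts WM_COMMAND to the parent so the owner sees a control notification. Decoding the constants is what lets you set these blocks aside and spend review time on the ones that carry the signatures.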
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00833A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00833AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00833AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00833AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00833B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00833BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00833BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00833BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00833BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00833C13
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: a28a0eca6bd5425d5196fc914295fbedf98838ec1a9aa1342a2fcb0dbd128a94
• Instruction ID: 8ad0a0631208b17c65ecd12256155c42cdcbd7f493d2067eb7d0f5f96b866a4c
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a28a0eca6bd5425d5196fc914295fbedf98838ec1a9aa1342a2fcb0dbd128a94
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86618C71900208AFDB11DF68CC85EEEB7B8FB49710F100099FA15E72A1C774AE82DB90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007D2C94
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007D29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000), ref: 007D29DE
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007D29C8: GetLastError.KERNEL32(00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000,00000000), ref: 007D29F0
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007D2CA0
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007D2CAB
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007D2CB6
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007D2CC1
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007D2CCC
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007D2CD7
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007D2CE2
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007D2CED
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007D2CFB
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e6260eaa2780bb3caab3aa82530d2d59402bc91dfc11dede5616bcbeae30a4ef
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c7665c268b651c0e132269748309260581493157aa8d2a5eb22d22717c54afd8
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6260eaa2780bb3caab3aa82530d2d59402bc91dfc11dede5616bcbeae30a4ef
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8118076100108EFCB02EF94D896C9D3BB5BF15350F5144A6FA48AB332DA35EA52AF90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00817FAD
                                                                                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00817FC1
                                                                                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 00817FEB
                                                                                                                                                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00818005
                                                                                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00818017
                                                                                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00818060
                                                                                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008180B0
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: e9ee654bf9f1e886546cd386fa45ad6c13d4e8315b6198fadad5fe6973f43209
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cd5282dc917470edf7a803dc5a9dd3a1abdd466ff0e06ab25b9175edcd8dc8e9
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9ee654bf9f1e886546cd386fa45ad6c13d4e8315b6198fadad5fe6973f43209
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84818D72508245DBCB20EF14C855AAAB3ECFF89714F144C6EF885D7250EB35ED898B92
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EB), ref: 007A5C7A
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A5D0A: GetClientRect.USER32(?,?), ref: 007A5D30
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A5D0A: GetWindowRect.USER32(?,?), ref: 007A5D71
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A5D0A: ScreenToClient.USER32(?,?), ref: 007A5D99
                                                                                                                                                                                                                                                                                                                                                                          • GetDC.USER32 ref: 007E46F5
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 007E4708
                                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 007E4716
• SelectObject.GDI32(00000000,00000000), ref: 007E472B
• ReleaseDC.USER32(?,00000000), ref: 007E4733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007E47C4
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: ba7b7681f276fb1ce95528b72fa426027426d0391ed6bf51693a989858faef2b
• Instruction ID: 004d61ae8b20730da8b9c14943e7fe7179c86c568b140408bcb1f1da61c7975c
• Opcode Fuzzy Hash: ba7b7681f276fb1ce95528b72fa426027426d0391ed6bf51693a989858faef2b
• Instruction Fuzzy Hash: EF710331401245EFCF218F69C988ABA7BB5FF8E324F144269ED555A16AC339CC81DFA0
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008135E4
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
• LoadStringW.USER32(00872390,?,00000FFF,?), ref: 0081360A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: f773ffdeb3a27c30e2fc64f02b4eb4cb182c447fb0eb8cf0897e10a17859ba66
• Instruction ID: b4111cb61bbef980d7734d5e3ce02c329dce2db182b6a9676209be932d63cf60
• Opcode Fuzzy Hash: f773ffdeb3a27c30e2fc64f02b4eb4cb182c447fb0eb8cf0897e10a17859ba66
• Instruction Fuzzy Hash: 13517071800219FADF15EBA0DC4AEEEBB38FF55340F144225F115B2191EB385B99DBA1
APIs
  • Part of subcall function 007B9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007B9BB2
  • Part of subcall function 007B912D: GetCursorPos.USER32(?), ref: 007B9141
  • Part of subcall function 007B912D: ScreenToClient.USER32(00000000,?), ref: 007B915E
  • Part of subcall function 007B912D: GetAsyncKeyState.USER32(00000001), ref: 007B9183
  • Part of subcall function 007B912D: GetAsyncKeyState.USER32(00000002), ref: 007B919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00838B6B
• ImageList_EndDrag.COMCTL32 ref: 00838B71
• ReleaseCapture.USER32 ref: 00838B77
• SetWindowTextW.USER32(?,00000000), ref: 00838C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00838C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00838CFF
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
• Opcode ID: b2955ef96a05faefe34ac490ed0448ea928de74421ffcd68ef0536455e230afc
• Instruction ID: 58cf54c5f9a433b3de7cf7f54aa3cdbb3dcedc5cf3ed5a7d2427cf36afa3e427
• Opcode Fuzzy Hash: b2955ef96a05faefe34ac490ed0448ea928de74421ffcd68ef0536455e230afc
• Instruction Fuzzy Hash: BC518D71104304EFD704DF24CC5AFAA77E4FB85714F400A2DFA56A72A1DB74A945CBA2
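The per-function blocks above are the raw evidence behind the report's signatures (for instance, the GetAsyncKeyState calls in the drag-and-drop handler are what a "retrieves information about pressed keystrokes" signature keys on). When triaging many such blocks it helps to parse them and decide per function whether the API mix is GUI plumbing or something worth a closer look. The following is an added example, not part of the Joe Sandbox report or its IDA plugin: a small parser for this listing format plus a triage pass. The SAMPLE text is a constructed excerpt in the listing's format, and the tag names returned by tag_function() are this example's own, not Joe Sandbox signature names.

```python
"""Parse the per-function blocks of a Joe Sandbox IDA plugin listing and
triage them by the Win32 APIs they call.

Added example; not part of the Joe Sandbox report. SAMPLE is a constructed
excerpt in the listing's format; tag names are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = """\
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008135E4
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
• LoadStringW.USER32(00872390,?,00000FFF,?), ref: 0081360A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:
APIs
  • Part of subcall function 007B912D: GetAsyncKeyState.USER32(00000001), ref: 007B9183
  • Part of subcall function 007B912D: GetAsyncKeyState.USER32(00000002), ref: 007B919D
• ReleaseCapture.USER32 ref: 00838B77
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00838C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00838CFF
Similarity
• String ID: @GUI_DRAGFILE$@GUI_DROPID
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0081C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0081C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0081C2CA
• GetLastError.KERNEL32 ref: 0081C322
• SetEvent.KERNEL32(?), ref: 0081C336
• InternetCloseHandle.WININET(00000000), ref: 0081C341
"""

# One API line: optional "Part of subcall function XXXXXXXX:" prefix, then
# Name.MODULE(args) (args optional), then "ref: <call-site address>".
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)
# Metadata bullets such as "• API ID: ..." or "• Source File: ...".
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z_ ]+?):\s*(?P<val>.*)$")

# Win32 constants (from the SDK headers) for argument positions that matter
# when reading these blocks: (API name, zero-based argument index) -> names.
KNOWN = {
    ("HttpQueryInfoW", 1): {5: "HTTP_QUERY_CONTENT_LENGTH"},
    ("GetAsyncKeyState", 0): {1: "VK_LBUTTON", 2: "VK_RBUTTON"},
    ("DefDlgProcW", 1): {0x202: "WM_LBUTTONUP"},
    ("SendMessageW", 1): {0xB1: "EM_SETSEL"},
}

@dataclass
class ApiCall:
    name: str
    module: str
    args: list                      # int per hex literal, None for "?"
    ref: int                        # call-site address
    subcall: Optional[int] = None   # callee address when the call is nested

@dataclass
class Function:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)

    @property
    def first_ref(self) -> int:
        """Lowest call-site address in the function body itself (not callees)."""
        own = [c.ref for c in self.calls if c.subcall is None]
        return min(own) if own else 0

def parse_args(raw):
    if not raw or not raw.strip():
        return []
    return [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")]

def parse_report(text):
    """Split the listing at each 'APIs' header into Function records."""
    funcs, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = Function()
            funcs.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            cur.calls.append(ApiCall(m["name"], m["mod"], parse_args(m["args"]),
                                     int(m["ref"], 16),
                                     int(m["sub"], 16) if m["sub"] else None))
            continue
        f = FIELD_RE.match(line)
        if f:
            cur.fields[f["key"].strip()] = f["val"].strip()
    return funcs

def describe(call):
    """Render a call with known constants decoded, e.g. HttpQueryInfoW(..., HTTP_QUERY_CONTENT_LENGTH, ...)."""
    parts = []
    for i, a in enumerate(call.args):
        sym = None if a is None else KNOWN.get((call.name, i), {}).get(a)
        parts.append("?" if a is None else (sym or f"0x{a:X}"))
    return f"{call.name}({', '.join(parts)}) @ {call.ref:08X}"

def tag_function(fn):
    tags = set()
    names = {c.name for c in fn.calls}
    if any(c.module == "WININET" for c in fn.calls):
        tags.add("network")
    if "GetAsyncKeyState" in names:
        # The signature fires on the API's presence. Distinguish polling only
        # the mouse buttons (drag-and-drop plumbing) from polling real keys.
        keys = {c.args[0] for c in fn.calls if c.name == "GetAsyncKeyState" and c.args}
        tags.add("mouse-button-poll" if keys <= {1, 2} else "keystroke-poll")
    return tags

def triage(funcs):
    """Map each function's first call-site address to its sorted tag list."""
    return {fn.first_ref: sorted(tag_function(fn)) for fn in funcs}

if __name__ == "__main__":
    for fn in parse_report(SAMPLE):
        print(f"{fn.first_ref:08X} {sorted(tag_function(fn))}")
        for c in fn.calls:
            print("   ", describe(c))
```

Running it over the sample prints one line per function with its tags, then each call with the known constants decoded. In this excerpt only the last function touches the network, and the GetAsyncKeyState evidence resolves to VK_LBUTTON and VK_RBUTTON inside a handler whose strings are the AutoIt @GUI_DRAGFILE and @GUI_DROPID macros, which is the kind of context the one-line signature does not give you.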
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0081C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0081C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0081C2CA
• GetLastError.KERNEL32 ref: 0081C322
• SetEvent.KERNEL32(?), ref: 0081C336
• InternetCloseHandle.WININET(00000000), ref: 0081C341
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3113390036-3916222277
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,007E3AAF,?,?,Bad directive syntax error,0083CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008098BC
• LoadStringW.USER32(00000000,?,007E3AAF,?), ref: 008098C3
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00809987
Strings
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
APIs
• GetParent.USER32 ref: 008020AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 008020C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0080214D
Strings
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
APIs
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00835186
• ShowWindow.USER32(?,00000000), ref: 008351C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 008351CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 008351D1
  • Part of subcall function 00836FBA: DeleteObject.GDI32(00000000), ref: 00836FE6
• GetWindowLongW.USER32(?,000000F0), ref: 0083520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0083521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0083524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00835287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00835296
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 007F6890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 007F68A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 007F68B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 007F68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 007F68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007B8874,00000000,00000000,00000000,000000FF,00000000), ref: 007F6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 007F691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007B8874,00000000,00000000,00000000,000000FF,00000000), ref: 007F692D
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0081C182
• GetLastError.KERNEL32 ref: 0081C195
• SetEvent.KERNEL32(?), ref: 0081C1A9
  • Part of subcall function 0081C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0081C272
  • Part of subcall function 0081C253: GetLastError.KERNEL32 ref: 0081C322
  • Part of subcall function 0081C253: SetEvent.KERNEL32(?), ref: 0081C336
  • Part of subcall function 0081C253: InternetCloseHandle.WININET(00000000), ref: 0081C341
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0b3b2b3ece2d8573f1b8095d04462829062a2730519735e785a650b699f78d29
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8eebd13b12ee9772044d47e13c9dabc4d7411bded87293fc50154ae6f7f7fbf0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b3b2b3ece2d8573f1b8095d04462829062a2730519735e785a650b699f78d29
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32316C71680605BFDB219FA9DC48AABBBFDFF58300B14481DF95AD2610D731E8949BA0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00803A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00803A57
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00803A3D: GetCurrentThreadId.KERNEL32 ref: 00803A5E
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00803A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008025B3), ref: 00803A65
                                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 008025BD
                                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008025DB
                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008025DF
                                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 008025E9
                                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00802601
                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00802605
                                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 0080260F
                                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00802623
                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00802627
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3dba96da4c5df6e79dfa71a727f0f2a41362751454d6fc26f86dcfc3f20994fb
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 097e0b2e4b4459e9e140e863b8802e8630eb151ac49201d98e15691a8ddfaa82
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3dba96da4c5df6e79dfa71a727f0f2a41362751454d6fc26f86dcfc3f20994fb
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5901B131390624BBFB6067689C8AF593E59EB9AB12F100405F318AE0D1C9E224449A6A
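Two of the function listings on this page are worth decoding rather than reading raw: the one directly above, where AttachThreadInput is followed by PostMessageW(hwnd, 0x100/0x101, 0x25/0x27, 0) and Sleep (WM_KEYDOWN/WM_KEYUP for VK_LEFT and VK_RIGHT posted to another window, i.e. synthetic keystrokes injected into a foreign process), and the process-termination function further down, where CreateToolhelp32Snapshot/Process32FirstW enumerate processes and OpenProcess is called with dwDesiredAccess 0x00000001 (PROCESS_TERMINATE) before TerminateProcess. One caveat when reading these listings: the argument list is the stack as recovered at the call site, so values beyond an API's real parameter count are residue from neighbouring calls (the Sleep lines above repeat the preceding PostMessageW arguments; GetProcessHeap, which takes no arguments, is shown with HeapAlloc's 0x8/0xC). The decoder below is an added example, not part of the Joe Sandbox report or of the sample; its two trace strings are copied from the listings on this page, and the constant tables are the documented Win32 values from winuser.h and winnt.h.

```python
"""Decode Joe Sandbox 'APIs' trace lines into analyst-readable events.

Added example, not part of the Joe Sandbox report. The two trace strings are
copied from the function listings on this page; constants are the documented
Win32 values (winuser.h / winnt.h).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One trace line: optional "Part of subcall function XXXXXXXX:" prefix, then
# Api.MODULE(args) or Api.MODULE with no args recorded, then ", ref: ADDR".
_API_RE = re.compile(
    r"(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-F]{8})"
)

WINDOW_MESSAGES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP", 0x0102: "WM_CHAR"}
VIRTUAL_KEYS = {
    0x08: "VK_BACK", 0x09: "VK_TAB", 0x0D: "VK_RETURN", 0x2E: "VK_DELETE",
    0x25: "VK_LEFT", 0x26: "VK_UP", 0x27: "VK_RIGHT", 0x28: "VK_DOWN",
}
PROCESS_ACCESS = {  # OpenProcess dwDesiredAccess bits
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]  # None where the report printed '?' (not recovered)
    ref: int                   # address of the call instruction
    subcall: Optional[int]     # callee address for "Part of subcall" lines


def parse_trace(text: str) -> List[ApiCall]:
    """Parse the bullet lines of an 'APIs' block; non-matching lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = _API_RE.search(line)
        if not m:
            continue
        args = [None if a.strip() == "?" else int(a, 16)
                for a in (m.group("args") or "").split(",") if a.strip()]
        sub = m.group("sub")
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16), int(sub, 16) if sub else None))
    return calls


def decode_keystrokes(calls: List[ApiCall]):
    """PostMessageW(hwnd, msg, wParam, lParam): list the synthetic key events.

    Only the first four recovered arguments belong to PostMessageW; anything
    after them in the report is stack residue from neighbouring calls.
    """
    events = []
    for c in calls:
        if c.api != "PostMessageW" or len(c.args) < 3:
            continue
        msg, vk = c.args[1], c.args[2]
        if msg in WINDOW_MESSAGES and vk is not None:
            events.append((WINDOW_MESSAGES[msg], VIRTUAL_KEYS.get(vk, f"VK_0x{vk:02X}")))
    return events


def decode_process_access(mask: int) -> List[str]:
    """Expand an OpenProcess dwDesiredAccess mask into its named rights."""
    names = [name for bit, name in PROCESS_ACCESS.items() if mask & bit]
    leftover = mask & ~sum(PROCESS_ACCESS)
    if leftover:
        names.append(f"0x{leftover:X}")
    return names


def summarize_kill_chain(calls: List[ApiCall]) -> Dict[str, object]:
    """Flag the enumerate -> OpenProcess(PROCESS_TERMINATE) -> TerminateProcess pattern."""
    apis = [c.api for c in calls]
    opens = [c for c in calls if c.api == "OpenProcess" and c.args and c.args[0] is not None]
    return {
        "enumerates_processes": "CreateToolhelp32Snapshot" in apis and "Process32FirstW" in apis,
        "open_process_access": [decode_process_access(c.args[0]) for c in opens],
        "requests_terminate": any(c.args[0] & 0x1 for c in opens),
        "calls_terminate_process": "TerminateProcess" in apis,
    }


# Copied from the keystroke-injection function on this page (refs 008025B3..00802627).
KEYSTROKE_TRACE = """
  • Part of subcall function 00803A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008025B3), ref: 00803A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008025BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008025DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008025DF
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00802601
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00802623
"""

# Copied from the process-termination function on this page (refs 0082A16D..0082A273).
KILL_TRACE = """
  • Part of subcall function 0080D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0080D501
  • Part of subcall function 0080D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0080D50F
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0082A16D
• GetLastError.KERNEL32 ref: 0082A180
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0082A268
"""

if __name__ == "__main__":
    print(decode_keystrokes(parse_trace(KEYSTROKE_TRACE)))
    print(summarize_kill_chain(parse_trace(KILL_TRACE)))
```

Run against the copied listings, the keystroke trace decodes to WM_KEYDOWN VK_LEFT, WM_KEYDOWN VK_RIGHT, WM_KEYUP VK_RIGHT (the report shows no key-up for VK_LEFT, so none is reported), and the kill trace is flagged on all four counts with the access mask expanded to PROCESS_TERMINATE only. The hwnd and PID arguments stay as None because the report printed them as '?'; the decoder deliberately does not guess them.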
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00801449,?,?,00000000), ref: 0080180C
• HeapAlloc.KERNEL32(00000000,?,00801449,?,?,00000000), ref: 00801813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00801449,?,?,00000000), ref: 00801828
• GetCurrentProcess.KERNEL32(?,00000000,?,00801449,?,?,00000000), ref: 00801830
• DuplicateHandle.KERNEL32(00000000,?,00801449,?,?,00000000), ref: 00801833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00801449,?,?,00000000), ref: 00801843
• GetCurrentProcess.KERNEL32(00801449,00000000,?,00801449,?,?,00000000), ref: 0080184B
• DuplicateHandle.KERNEL32(00000000,?,00801449,?,?,00000000), ref: 0080184E
• CreateThread.KERNEL32(00000000,00000000,00801874,00000000,00000000,00000000), ref: 00801868
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 4ba5483d09a1ecfde1f6f195b37e9c6bbff3827919247a81e2872cddf43ca70c
• Instruction ID: df74ea8206f44f364fc74bf9bd8f923f530d33158186959f489cafb937f38f61
• Opcode Fuzzy Hash: 4ba5483d09a1ecfde1f6f195b37e9c6bbff3827919247a81e2872cddf43ca70c
• Instruction Fuzzy Hash: 6801BF75240304BFE710AB65DC4DF5B7B6CFB89B11F004411FA05DB291C674D810DB20
APIs
  • Part of subcall function 0080D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0080D501
  • Part of subcall function 0080D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0080D50F
  • Part of subcall function 0080D4DC: CloseHandle.KERNEL32(00000000), ref: 0080D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0082A16D
• GetLastError.KERNEL32 ref: 0082A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0082A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0082A268
• GetLastError.KERNEL32(00000000), ref: 0082A273
                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0082A2C4
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                                          • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ed0f0ebf7244d32363c5a26fa8614f1cecae61fdbc314d4cca23387a9505606e
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4429357ca7b8310e32aede22ec8363144fc75cf6cf2ae8e8aca7aa0e6d7bd5de
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed0f0ebf7244d32363c5a26fa8614f1cecae61fdbc314d4cca23387a9505606e
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5617B31204252EFD714DF18D898F15BBA5FF84318F18849CE4668B7A2C776EC85CB92
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00833925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0083393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00833954
• _wcslen.LIBCMT ref: 00833999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 008339C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 008339F4
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 1aa3523713e115db74b1577e374fe50027380da730913ed87fda90e6812f3a9b
• Instruction ID: 9a2b5580d257d99d66ac139f3aa016827f6cc96e21c45d967a7e13a9d17ca542
• Opcode Fuzzy Hash: 1aa3523713e115db74b1577e374fe50027380da730913ed87fda90e6812f3a9b
• Instruction Fuzzy Hash: 6B418371A00219ABEF219F64CC49FEA7BA9FF48354F10052AF958E7281D775D980CB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0080BCFD
• IsMenu.USER32(00000000), ref: 0080BD1D
• CreatePopupMenu.USER32 ref: 0080BD53
• GetMenuItemCount.USER32(01665D18), ref: 0080BDA4
• InsertMenuItemW.USER32(01665D18,?,00000001,00000030), ref: 0080BDCC
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 462a997e9776c0bc32f6c3d17bbd3f4940d9f97664b932477e3c8a837bc7e6e1
• Instruction ID: 2e6827a50f634df8d5905ee21e0f60a69a6681bfc20655754468b0dcd8b7458b
• Opcode Fuzzy Hash: 462a997e9776c0bc32f6c3d17bbd3f4940d9f97664b932477e3c8a837bc7e6e1
• Instruction Fuzzy Hash: 25517970A0020A9BDB60DFA8DC88BAEFBF4FF45354F148659E811E72D1D770A941CB62
APIs
• _ValidateLocalCookies.LIBCMT ref: 007C2D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 007C2D53
• _ValidateLocalCookies.LIBCMT ref: 007C2DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 007C2E0C
• _ValidateLocalCookies.LIBCMT ref: 007C2E61
Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                                          • String ID: &H|$csm
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1170836740-2313355584
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fae7d14e561552eebeca59609c767806604bf737465d38230f4f7a5d3b37775b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 122196a869e6a23e86d45d019b660ac50ab2357e84f48a8df22f4170a27d4bfc
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fae7d14e561552eebeca59609c767806604bf737465d38230f4f7a5d3b37775b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39417334A00209EBCF10DF68C849F9EBBA5BF55324F14815DE915AB353DB399A06CBE1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(00000000,00007F03), ref: 0080C913
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                                          • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 03a692badcd3c0a64717d8ae613302d59c75d5f029daf5618e10bd4c52f28761
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ee993706395a3dab08ab31574b4e47af02c5b1d4302a659a55297c07d667a1b8
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03a692badcd3c0a64717d8ae613302d59c75d5f029daf5618e10bd4c52f28761
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3011EB3168930ABEE7155F549C83DAE7B9CFF15358B10423EF904F62C2E7745D005268
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 0f083426916325831b9a02c3460a7bdd1ac32e1c3a2918a2d114112b4337b2ff
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8417a2efa20e80f913c07520e31ad463ba1d860aad7843d29ac546051100257a
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f083426916325831b9a02c3460a7bdd1ac32e1c3a2918a2d114112b4337b2ff
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36418E66C10218B5CB51EBF4CC8AECFB7A8FF45310F50886AE518E3161EB38E645C3A5
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,007F682C,00000004,00000000,00000000), ref: 007BF953
                                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,007F682C,00000004,00000000,00000000), ref: 007FF3D1
                                                                                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,007F682C,00000004,00000000,00000000), ref: 007FF454
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: d2e653bd14ed7e852e5d77286edfc6c68c646bc4cd3636a95961d666eddf298d
• Instruction ID: af0bcdc32ed747a9006153f6143345d4b60f80638f1aa9f9bb9764fafcb94dfb
• Opcode Fuzzy Hash: d2e653bd14ed7e852e5d77286edfc6c68c646bc4cd3636a95961d666eddf298d
• Instruction Fuzzy Hash: C141E931608684FAC7399B2D8C8C7BA7B91BF96B14F14453CE647D6660DA3DB880DB11
APIs
• DeleteObject.GDI32(00000000), ref: 00832D1B
• GetDC.USER32(00000000), ref: 00832D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00832D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00832D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00832D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00832D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00835A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00832DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00832DE1
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: f37915d0e6abce0557d3d5df284a0578e56bfd91738149a114531a92776fbadb
• Instruction ID: cf46ad118e0568ecc59ffa40fcf8d0d16332a9d42f896e66f2d37b24a222205b
• Opcode Fuzzy Hash: f37915d0e6abce0557d3d5df284a0578e56bfd91738149a114531a92776fbadb
• Instruction Fuzzy Hash: 19319C72201614BFEB218F54CC8AFEB3BA9FF89711F044055FE08EA291D6759C40CBA0
APIs
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: d0ccc4e6be341cc520f459d052a6625ad6ed4d2bee9927a902b71c81f5aa55f3
• Instruction ID: 7fa87a191b5d1c6ab9d90ad4da3ffe13c90f91bed67cb218b74b1b1f801814d8
• Opcode Fuzzy Hash: d0ccc4e6be341cc520f459d052a6625ad6ed4d2bee9927a902b71c81f5aa55f3
• Instruction Fuzzy Hash: 7421B661A41A19BBD25455108E82FBB235CFF71398F840038FE15DA6C2F72AED118DF5
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 9ef385005db4e7ecf6346b1bac5c3794a61792abbae54b5804617ed972549bca
• Instruction ID: 9e5e3a053d3f4d80ff908d68908f8cf15029bdfefe17b42df60615197728b250
• Opcode Fuzzy Hash: 9ef385005db4e7ecf6346b1bac5c3794a61792abbae54b5804617ed972549bca
• Instruction Fuzzy Hash: F1D1C271A4061AAFDF10CFA8D884BAEB7B5FF48354F148069E915EB281D770DD81CB90
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,007E17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 007E15CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,007E17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 007E1651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,007E17FB,?,007E17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 007E16E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,007E17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 007E16FB
  • Part of subcall function 007D3820: RtlAllocateHeap.NTDLL(00000000,?,00871444,?,007BFDF5,?,?,007AA976,00000010,00871440,007A13FC,?,007A13C6,?,007A1129), ref: 007D3852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,007E17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 007E1777
• __freea.LIBCMT ref: 007E17A2
• __freea.LIBCMT ref: 007E17AE
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 77bcfe1f96544bffec337f980145cc05a59f8f07608511d02bdf5a28e4bb9ee6
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2104e041c2984e953dc3063ee4f2cab5227ecd231a9b728110927f7b103bd4f4
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77bcfe1f96544bffec337f980145cc05a59f8f07608511d02bdf5a28e4bb9ee6
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC91C571E022969ADB208F76CC46EEE7BB5AF4D710F984659E802E7141DB3DDD40C760
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: aac6a6031e128fa8c34ea064b09e070972a71bf5bacaea924c57f977ebe7ff00
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 739171343b2e689fe76c8bdef0bc19cfb926f61348f06cc6e81453ace7af2400
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aac6a6031e128fa8c34ea064b09e070972a71bf5bacaea924c57f977ebe7ff00
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9917D71A00229AFDF20CFA4D848FAEBBB8FF46714F108559E515EB281D7749985CFA0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0081125C
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00811284
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008112A8
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008112D8
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0081135F
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008113C4
                                                                                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00811430
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 359d654564a942f32a38deed2b5d010ff8baa3f7c7c195813cfafc4dab55468f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 84138e577e44cc395e71c6e7dae8bc8d11a3461130c0b943724fb37ef75c863d
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 359d654564a942f32a38deed2b5d010ff8baa3f7c7c195813cfafc4dab55468f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66910471A00219AFDF00DFA8D888BFEB7B9FF45714F104029E611E7291D778A981CB95
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: fcdea16d05b2616a92d055b7863041e78a214b731ebfae90d7caf2efc405784f
• Instruction ID: e23db2b74c7a4db301654e839c118c8a9b0ccf79dfb76e1c6bd3e2c3f330b20a
• Opcode Fuzzy Hash: fcdea16d05b2616a92d055b7863041e78a214b731ebfae90d7caf2efc405784f
• Instruction Fuzzy Hash: A9914A71D40219EFCB14CFA9CC88AEEBBB8FF49320F148455E615B7291D378AA51CB60
APIs
• VariantInit.OLEAUT32(?), ref: 0082396B
• CharUpperBuffW.USER32(?,?), ref: 00823A7A
• _wcslen.LIBCMT ref: 00823A8A
• VariantClear.OLEAUT32(?), ref: 00823C1F
  • Part of subcall function 00810CDF: VariantInit.OLEAUT32(00000000), ref: 00810D1F
  • Part of subcall function 00810CDF: VariantCopy.OLEAUT32(?,?), ref: 00810D28
  • Part of subcall function 00810CDF: VariantClear.OLEAUT32(?), ref: 00810D34
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 61af4c63011a15d3ca0674fc5f32ba7c3f52f7fcc17e63a1aba8397fd0a32128
• Instruction ID: b9e4416bdf05da23de84a36766e0de0e617fa225e8f87a05e64e2faf8d2b7934
• Opcode Fuzzy Hash: 61af4c63011a15d3ca0674fc5f32ba7c3f52f7fcc17e63a1aba8397fd0a32128
• Instruction Fuzzy Hash: 0C9155746083159FC704EF28D49496AB7E4FF89314F04892DF88A9B351DB39EE85CB92
APIs
  • Part of subcall function 0080000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,007FFF41,80070057,?,?,?,0080035E), ref: 0080002B
  • Part of subcall function 0080000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007FFF41,80070057,?,?), ref: 00800046
  • Part of subcall function 0080000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007FFF41,80070057,?,?), ref: 00800054
  • Part of subcall function 0080000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007FFF41,80070057,?), ref: 00800064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00824C51
• _wcslen.LIBCMT ref: 00824D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00824DCF
• CoTaskMemFree.OLE32(?), ref: 00824DDA
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: 6b83e8f2308cb69981196bf03caca950d3ed9043192e522c7ba7771c2b53b2ed
• Instruction ID: 870375b96d64472a357c359e205d278628b43cb919ee225543d6770221d8cd27
• Opcode Fuzzy Hash: 6b83e8f2308cb69981196bf03caca950d3ed9043192e522c7ba7771c2b53b2ed
• Instruction Fuzzy Hash: F7911471D0022DEBDF10DFA4D890AEEB7B8FF48314F10866AE915A7241DB349A44CFA1
APIs
• GetMenu.USER32(?), ref: 00832183
• GetMenuItemCount.USER32(00000000), ref: 008321B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 008321DD
• _wcslen.LIBCMT ref: 00832213
• GetMenuItemID.USER32(?,?), ref: 0083224D
• GetSubMenu.USER32(?,?), ref: 0083225B
  • Part of subcall function 00803A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00803A57
  • Part of subcall function 00803A3D: GetCurrentThreadId.KERNEL32 ref: 00803A5E
  • Part of subcall function 00803A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008025B3), ref: 00803A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008322E3
  • Part of subcall function 0080E97B: Sleep.KERNEL32 ref: 0080E9F3
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8f4b9ee855d69aa5557923bf403f84ab7f46c20114c3669264c02f51a1cabe64
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: acfec8db329e46f426134ec894382d0724afb68587cec2d23578cb7f4516496f
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f4b9ee855d69aa5557923bf403f84ab7f46c20114c3669264c02f51a1cabe64
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD715B75A00215EFCB14EF68C885AAEB7F5FF89310F148459E916EB351DB34AE418B90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • IsWindow.USER32(01665A98), ref: 00837F37
                                                                                                                                                                                                                                                                                                                                                                          • IsWindowEnabled.USER32(01665A98), ref: 00837F43
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0083801E
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(01665A98,000000B0,?,?), ref: 00838051
                                                                                                                                                                                                                                                                                                                                                                          • IsDlgButtonChecked.USER32(?,?), ref: 00838089
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(01665A98,000000EC), ref: 008380AB
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 008380C3
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 804dc2ba87fa712f320fc0d93f08359df0c03ad516471be11c1a30ad8539c34f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 27abed56b3ae24d42f86f5fb8c729747c02bf8d3443d99172475ecdae1f83c88
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 804dc2ba87fa712f320fc0d93f08359df0c03ad516471be11c1a30ad8539c34f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8718AB4608608EFEB359F64C894FAABBB5FF89300F144459F945D72A1CB31E845DBA0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0080AEF9
                                                                                                                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0080AF0E
                                                                                                                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 0080AF6F
                                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000010,?), ref: 0080AF9D
                                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000011,?), ref: 0080AFBC
                                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000012,?), ref: 0080AFFD
                                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0080B020
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2e2f739725e16a3930eda9d17dd8ef028fc75f6f1c655b55fdcabc9656cceede
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 2b115fe5d17615db853722a748269c90c2a52844084a69b9ec75a9393297faf5
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e2f739725e16a3930eda9d17dd8ef028fc75f6f1c655b55fdcabc9656cceede
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6251D3A06047D63DFB7A8334CC45BBA7EE9BB06304F088489E1E9D54C2D799ACC4D762
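The raw message and key numbers in these API lists are worth decoding before reading further. In the GetKeyboardState / SetKeyboardState / PostMessageW entry above (refs 0080AF0E through 0080B020) the message 0x101 is WM_KEYUP and the wParam values 0x10, 0x11, 0x12 and 0x5B are VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN; the entry at 0080AD2E through 0080AE38 that follows is the WM_KEYDOWN (0x100) half of the same routine. Rewriting the thread's key-state table and then posting modifier key messages directly to a window is how keystrokes are injected into a target control without any physical input, which is consistent with the report's classification of the sample as a compiled AutoIt script (this is the shape of a ControlSend-style routine). Likewise 0x111 is WM_COMMAND, 0xB0 is EM_GETSEL and 0xA1 with wParam 2 is WM_NCLBUTTONDOWN/HTCAPTION, a synthetic title-bar click. The decoder below is an added example, not part of the Joe Sandbox report or of the sample: it parses the report's own API lines (the sample trace is copied from the entries in this section), names the constants it is sure of from the Win32 SDK headers, and flags the keystroke-injection run. The "synthetic keystroke" heuristic and its lookahead window are the editor's own choice, not a Joe Sandbox signature.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constants from the Win32 SDK (winuser.h); only values that occur in the trace are listed.
WM_NAMES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP", 0x00A1: "WM_NCLBUTTONDOWN",
            0x00B0: "EM_GETSEL", 0x0111: "WM_COMMAND"}
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
KEY_MESSAGES = {0x0100, 0x0101}
MESSAGE_APIS = {"PostMessageW", "SendMessageW"}

# One report line: "Api.MODULE(args)" with an optional ", ref: addr". A leading "Part of subcall
# function X:" prefix and a call printed without parentheses (Sleep.KERNEL32) are both tolerated.
CALL_RE = re.compile(
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"(?:,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+))?"
)

@dataclass
class Call:
    api: str
    args: List[str]
    ref: Optional[int]

def _hex(arg: str) -> Optional[int]:
    """Parse a hex argument; the report's unresolved '?' placeholders become None."""
    try:
        return int(arg, 16)
    except ValueError:
        return None

def parse_trace(text: str) -> List[Call]:
    calls = []
    for line in text.splitlines():
        m = CALL_RE.search(line)
        if not m:
            continue
        raw = (m.group("args") or "").strip()
        calls.append(Call(api=m.group("api"),
                          args=[a.strip() for a in raw.split(",")] if raw else [],
                          ref=int(m.group("ref"), 16) if m.group("ref") else None))
    return calls

def describe(call: Call) -> str:
    """Render one call with the message ID, virtual key or hit-test code decoded."""
    text = f"{call.api}({', '.join(call.args)})"
    if call.api in MESSAGE_APIS and len(call.args) == 4:
        msg, wparam = _hex(call.args[1]), _hex(call.args[2])
        if msg in WM_NAMES:
            text += f"  ; {WM_NAMES[msg]}"
            if msg in KEY_MESSAGES and wparam in VK_NAMES:
                text += f" {VK_NAMES[wparam]}"
            elif msg == 0x00A1 and wparam == 0x02:  # non-client click on the caption: fake title-bar click
                text += " HTCAPTION"
    return text

def find_synthetic_keystrokes(calls: List[Call], window: int = 8) -> List[dict]:
    """Flag GetKeyboardState -> SetKeyboardState -> {Post,Send}MessageW(WM_KEYDOWN/WM_KEYUP, VK_*) runs:
    the key-state table is rewritten so the target believes modifiers are held, then key messages
    are dropped straight into the window's queue. Heuristic and window size are the editor's choice."""
    findings, i = [], 0
    while i < len(calls):
        if calls[i].api != "GetKeyboardState":
            i += 1
            continue
        saw_set, keys, message, j = False, [], None, i + 1
        while j < len(calls) and j - i <= window and calls[j].api != "GetKeyboardState":
            c = calls[j]
            if c.api == "SetKeyboardState":
                saw_set = True
            elif c.api in MESSAGE_APIS and len(c.args) == 4 and _hex(c.args[1]) in KEY_MESSAGES:
                keys.append(VK_NAMES.get(_hex(c.args[2]), c.args[2]))
                message = message or WM_NAMES[_hex(c.args[1])]
            j += 1
        if saw_set and keys:
            findings.append({"start_ref": calls[i].ref, "message": message, "keys": keys})
        i = j
    return findings

# API lines copied from the function entries in this section of the report.
SAMPLE_TRACE = """\
  • Part of subcall function 00803A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008025B3), ref: 00803A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008322E3
  • Part of subcall function 0080E97B: Sleep.KERNEL32 ref: 0080E9F3
• SendMessageW.USER32(01665A98,000000B0,?,?), ref: 00838051
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 008380C3
• GetParent.USER32(?), ref: 0080AEF9
• GetKeyboardState.USER32(?), ref: 0080AF0E
• SetKeyboardState.USER32(?), ref: 0080AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0080AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0080AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0080AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 0080B020
• GetParent.USER32(00000000), ref: 0080AD19
• GetKeyboardState.USER32(?), ref: 0080AD2E
• SetKeyboardState.USER32(?), ref: 0080AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0080ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0080ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0080AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0080AE38
"""

if __name__ == "__main__":
    calls = parse_trace(SAMPLE_TRACE)
    print("\n".join(describe(c) for c in calls), find_synthetic_keystrokes(calls), sep="\n")
```

Running it prints each call with its decoded constant and two findings, one WM_KEYUP run starting at 0080AF0E and one WM_KEYDOWN run starting at 0080AD2E, each for VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN. Two values in the entries are deliberately left undecoded: the 0x41C in the SendMessageW at 0083801E is a WM_USER-relative control message whose meaning depends on the target control class, and the 0xEC passed to GetWindowLongW at 008380AB would be GWL_EXSTYLE only if it is the sign-truncated rendering of -20, which the report's formatting does not establish.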
APIs
• GetParent.USER32(00000000), ref: 0080AD19
• GetKeyboardState.USER32(?), ref: 0080AD2E
• SetKeyboardState.USER32(?), ref: 0080AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0080ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0080ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0080AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0080AE38
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 08d14b72b843b5d81bb710b343623f4e081c36534408da981cfdfb7db27ea6f3
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a4004f715d9df54cff08ae427876ce28172e7510c88325542f26e5bfd046d4e8
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08d14b72b843b5d81bb710b343623f4e081c36534408da981cfdfb7db27ea6f3
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E751D5A15047D53DFB7B8374CC95B7A7EA9FB46300F088489E1D5D68C2D294EC88D752
APIs
• GetConsoleCP.KERNEL32(007E3CD6,?,?,?,?,?,?,?,?,007D5BA3,?,?,007E3CD6,?,?), ref: 007D5470
• __fassign.LIBCMT ref: 007D54EB
• __fassign.LIBCMT ref: 007D5506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,007E3CD6,00000005,00000000,00000000), ref: 007D552C
• WriteFile.KERNEL32(?,007E3CD6,00000000,007D5BA3,00000000,?,?,?,?,?,?,?,?,?,007D5BA3,?), ref: 007D554B
• WriteFile.KERNEL32(?,?,00000001,007D5BA3,00000000,?,?,?,?,?,?,?,?,?,007D5BA3,?), ref: 007D5584
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 9ef8a68ab36628d1e7f0dc21c3fbcca445d5ddae7b6e62e4be6ffe9a75a44500
• Instruction ID: a4094b6cf0f50e6a470f28ba7bd10bd30ddc81a8383bcf7f353eda2dd4887ec9
• Opcode Fuzzy Hash: 9ef8a68ab36628d1e7f0dc21c3fbcca445d5ddae7b6e62e4be6ffe9a75a44500
• Instruction Fuzzy Hash: DE51B3709006499FDB11CFA8D845AEEBBFAFF08300F14451BE556E7391E634DA51CB61
APIs
  • Part of subcall function 0082304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0082307A
  • Part of subcall function 0082304E: _wcslen.LIBCMT ref: 0082309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00821112
• WSAGetLastError.WSOCK32 ref: 00821121
• WSAGetLastError.WSOCK32 ref: 008211C9
• closesocket.WSOCK32(00000000), ref: 008211F9
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: 19209a5f50c1170b226172cedf0be34d7093551af1880e1ae048bac12acd0911
• Instruction ID: 7547b87c66ee56dfc0e31d036d5c74c27bb23ad16393e929f61d9465e74c68c1
• Opcode Fuzzy Hash: 19209a5f50c1170b226172cedf0be34d7093551af1880e1ae048bac12acd0911
• Instruction Fuzzy Hash: 7041E731600214AFDB109F24D889BA9B7E9FF85324F248159FD15EB291C774EE91CBE1
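The API listings above only show raw hexadecimal arguments, so a triager has to resolve the constants by hand: the three PostMessageW calls in the first record post message 0x100 (WM_KEYDOWN) with wParam 0x11, 0x12 and 0x5B (VK_CONTROL, VK_MENU, VK_LWIN), and socket(2, 1, 6) in the record just above asks for an AF_INET, SOCK_STREAM, IPPROTO_TCP socket. The following Python is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses API lines in exactly the format printed above (the sample input is copied from the two records) and names those constants. Only the constants listed in its tables are decoded; everything else is left as the raw value.

```python
"""Decode the per-function "APIs" listing of a Joe Sandbox report.

Added example, not part of the Joe Sandbox report or its tooling.  It parses
API lines as they are printed in the report and names the constants a triager
wants resolved: window messages, virtual-key codes and socket parameters.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "[Part of subcall function XXXXXXXX: ]Name.Module[(arg,arg,...)][,] ref: XXXXXXXX"
_API_RE = re.compile(
    r"(?:Part of subcall function (?P<caller>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)

# Values from the public Windows SDK / Winsock headers.
WM_KEY = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP", 0x0104: "WM_SYSKEYDOWN", 0x0105: "WM_SYSKEYUP"}
VK = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN", 0x5C: "VK_RWIN"}
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
IPPROTO = {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}


@dataclass
class ApiCall:
    name: str
    module: str
    ref: str                       # address of the call site in the dump
    args: List[str] = field(default_factory=list)
    caller: Optional[str] = None   # set for "Part of subcall function" entries
    note: str = ""                 # decoded meaning, filled in by decode()


def _hex(arg: str) -> Optional[int]:
    """The report prints known argument values as hex digits and unknown ones as '?'."""
    return int(arg, 16) if re.fullmatch(r"[0-9A-Fa-f]+", arg) else None


def decode(call: ApiCall) -> str:
    vals = [_hex(a) for a in call.args]
    if call.name.startswith(("PostMessage", "SendMessage")) and len(vals) >= 3:
        hwnd, msg, wparam = vals[:3]
        # hwnd == 0 makes PostMessage behave like PostThreadMessage for the
        # calling thread: the message lands in this process's own queue, it is
        # not injected into another window.
        if hwnd == 0:
            target = "calling thread's own queue (hwnd=0)"
        else:
            target = f"hwnd={hwnd:#x}" if hwnd is not None else "hwnd=?"
        if msg in WM_KEY:
            vk_name = VK.get(wparam, f"vk={wparam:#x}") if wparam is not None else "vk=?"
            return f"{WM_KEY[msg]} {vk_name} -> {target}"
        return (f"msg={msg:#x}" if msg is not None else "msg=?") + f" -> {target}"
    if call.name == "socket" and len(vals) >= 3:
        af, typ, proto = vals[:3]
        return " ".join((AF.get(af, f"af={af}"), SOCK_TYPE.get(typ, f"type={typ}"),
                         IPPROTO.get(proto, f"proto={proto}")))
    return ""


def parse_api_lines(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = _API_RE.search(line)
        if not m:
            continue  # headings such as "APIs" or "Memory Dump Source"
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        call = ApiCall(m.group("name"), m.group("module"), m.group("ref").upper(), args, m.group("caller"))
        call.note = decode(call)
        calls.append(call)
    return calls


def key_events(calls: List[ApiCall]):
    """(call-site, key) for every synthesized key-down/key-up message."""
    return [(c.ref, c.note.split()[1]) for c in calls
            if c.name.startswith(("PostMessage", "SendMessage")) and c.note.startswith("WM_")]


# Sample input copied from the two function records above.
SAMPLE = """\
APIs
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0080ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0080AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0080AE38
APIs
  • Part of subcall function 0082304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0082307A
  • Part of subcall function 0082304E: _wcslen.LIBCMT ref: 0082309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00821112
• WSAGetLastError.WSOCK32 ref: 00821121
• WSAGetLastError.WSOCK32 ref: 008211C9
• closesocket.WSOCK32(00000000), ref: 008211F9
"""

if __name__ == "__main__":
    for c in parse_api_lines(SAMPLE):
        print(f"{c.ref} {c.name}.{c.module} {c.note}")
```

Running it on the sample shows the first record as three WM_KEYDOWN posts for Ctrl, Alt and the left Windows key to the process's own thread queue, and the socket call as a TCP/IPv4 socket; the "Part of subcall function" entries keep their caller address so the inet_addr call can be attributed to function 0082304E rather than to the function that owns the record.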
APIs
  • Part of subcall function 0080DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0080CF22,?), ref: 0080DDFD
  • Part of subcall function 0080DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0080CF22,?), ref: 0080DE16
• lstrcmpiW.KERNEL32(?,?), ref: 0080CF45
• MoveFileW.KERNEL32(?,?), ref: 0080CF7F
• _wcslen.LIBCMT ref: 0080D005
• _wcslen.LIBCMT ref: 0080D01B
• SHFileOperationW.SHELL32(?), ref: 0080D061
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ee85ac24d15b07e05cd6e0268a3a30c233a2b14c0b11302f79368975dfa7d7e6
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a9734901a579ce628c9392159c04c44473d0a94616f55b589aaeb069608bd93e
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ee85ac24d15b07e05cd6e0268a3a30c233a2b14c0b11302f79368975dfa7d7e6
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 714143B19052199EDF52EFA4DD85ADEB7B8FF48380F0004EAA505EB181EE74A684CB51
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00832E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00832E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00832E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00832EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00832EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00832EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00832F0B
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: ee7844aa0164f0e444af11a24956e57c0ead778871659083ecc765ef76e77fed
• Instruction ID: 987cbd947d8b764dcd8b02a6b62da6e8d25ab08c336f468b0ef2090075866450
• Opcode Fuzzy Hash: ee7844aa0164f0e444af11a24956e57c0ead778871659083ecc765ef76e77fed
• Instruction Fuzzy Hash: E6311331604250AFDB20CF58DC8AF653BE0FB9AB10F1401A4FA05DB2B2CB75E880DB81
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00807769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0080778F
• SysAllocString.OLEAUT32(00000000), ref: 00807792
• SysAllocString.OLEAUT32(?), ref: 008077B0
• SysFreeString.OLEAUT32(?), ref: 008077B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 008077DE
• SysAllocString.OLEAUT32(?), ref: 008077EC
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: c00d5aeee99d72cff60f439758748ac1ff2422f857e52295c3868c008a41361f
• Instruction ID: be3eb57e5ff123ad66b8c585fbf3dd6d177a1d6ed0303d133d9852804afed4ee
• Opcode Fuzzy Hash: c00d5aeee99d72cff60f439758748ac1ff2422f857e52295c3868c008a41361f
• Instruction Fuzzy Hash: 4E21D376A0421DAFDF50DFA8CC88DBB73ACFB497A47008425FA14DB190D674EC418764
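The APIs lists above are the sandbox's per-function call-site records: one line per resolved import, with the tracked argument values in hex and the call address after "ref:". Reading them by hand is slow, and the raw constants hide what the calls do. The Python below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses lines in exactly the format printed above, decodes the button-control message IDs that appear as bare hex (0x00F0 and 0x00F1 are BM_GETCHECK and BM_SETCHECK from winuser.h), and annotates the two call chains visible in these records, SHFileOperationW paired with the wildcard string "\*.*" and StringFromGUID2 followed by SysAllocString. The sample input is copied from the records above; the chain annotations are an analyst's reading of the call sequences, not something the report itself states.

```python
"""Parse Joe Sandbox 'APIs' call-site records and annotate them.

Added illustration, not Joe Sandbox code. Input lines look like
'• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00832E1C';
'?' marks an argument the sandbox could not track, and the argument list
is omitted entirely when nothing was tracked.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: three records copied from this report. The real page
# separates records with Memory Dump Source / Similarity blocks; the parser
# ignores everything except 'APIs' headers, call lines and String ID lines.
SAMPLE = r"""
APIs
• SHFileOperationW.SHELL32(?), ref: 0080D061
Strings
• String ID: \*.*
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00832E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00832E4F
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00832EE0
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00832F0B
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00807769
• SysAllocString.OLEAUT32(00000000), ref: 00807792
• SysFreeString.OLEAUT32 ref: 00807895
• StringFromGUID2.OLE32(?,?,00000028), ref: 008077DE
• SysAllocString.OLEAUT32(?), ref: 008077EC
"""

CALL_RE = re.compile(
    r"^•\s*(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"          # argument list may be absent
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
STRING_RE = re.compile(r"^•\s*String ID:\s*(?P<s>.+?)\s*$")

# Button-control messages (winuser.h) as the sandbox prints them in hex.
WINDOW_MESSAGES = {
    0x00F0: "BM_GETCHECK", 0x00F1: "BM_SETCHECK", 0x00F2: "BM_GETSTATE",
    0x00F3: "BM_SETSTATE", 0x00F4: "BM_SETSTYLE", 0x00F5: "BM_CLICK",
}


@dataclass
class Call:
    api: str
    module: str
    args: list   # int per argument, None where the sandbox printed '?'
    ref: int


@dataclass
class Record:
    calls: list = field(default_factory=list)
    strings: list = field(default_factory=list)


def parse_arg(tok):
    tok = tok.strip()
    return None if tok in ("", "?") else int(tok, 16)


def parse_records(text):
    """Split the dump into Records, one per 'APIs' header."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "APIs":
            cur = Record()
            records.append(cur)
            continue
        if cur is None:
            continue
        m = CALL_RE.match(line)
        if m:
            raw = m.group("args")
            args = [parse_arg(a) for a in raw.split(",")] if raw is not None else []
            cur.calls.append(Call(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16)))
            continue
        m = STRING_RE.match(line)
        if m:
            cur.strings.append(m.group("s"))
    return records


def decode_message(value):
    """Name a uMsg value, or return it as zero-padded hex if unknown."""
    return WINDOW_MESSAGES.get(value, f"0x{value:04X}")


def describe(record):
    """Analyst heuristics over one record's call sequence (not report data)."""
    notes = []
    apis = [c.api for c in record.calls]
    for c in record.calls:
        if c.api == "SendMessageW" and len(c.args) >= 2 and c.args[1] is not None:
            notes.append(f"{c.api}@{c.ref:08X}: msg {decode_message(c.args[1])}")
    if "StringFromGUID2" in apis and "SysAllocString" in apis[apis.index("StringFromGUID2"):]:
        notes.append("GUID formatted to text then wrapped in a BSTR (COM identifier handling)")
    if "SHFileOperationW" in apis:
        wild = [s for s in record.strings if "*" in s]
        notes.append("shell file operation" + (f" over wildcard {wild[0]}" if wild else ""))
    return notes


if __name__ == "__main__":
    for i, rec in enumerate(parse_records(SAMPLE), 1):
        print(f"record {i}: {[c.api for c in rec.calls]}")
        for note in describe(rec):
            print("   ", note)
```

Only SendMessageW's second argument is decoded. GetWindowLongW's index is printed as 000000F0, which is not a GWL_* value (those are small negatives, e.g. GWL_STYLE is -16), so the parser leaves it as raw hex rather than guess at what the sandbox's argument tracking recovered. The `cchMax` of 0x28 (40) passed to StringFromGUID2 is the conventional buffer size for a braced GUID string plus terminator.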
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00807842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00807868
• SysAllocString.OLEAUT32(00000000), ref: 0080786B
• SysAllocString.OLEAUT32 ref: 0080788C
• SysFreeString.OLEAUT32 ref: 00807895
• StringFromGUID2.OLE32(?,?,00000028), ref: 008078AF
• SysAllocString.OLEAUT32(?), ref: 008078BD
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c8d991b015a53ecf56d5bd40774a79e10ee3559f9c57232bc76f702d8411e8be
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e355e72464fa20b5a89b998b10bc1eeddb13f0c8590fe5d87135ac0fb948590b
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8d991b015a53ecf56d5bd40774a79e10ee3559f9c57232bc76f702d8411e8be
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81216032A08208AFDB509FA8DC8CDAA77ACFB497607108535F915DB2A1D674EC41CB68
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(0000000C), ref: 008104F2
                                                                                                                                                                                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0081052E
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b79a2bde181b55be7c786a36fd9733f66ad9b6fb2bc2d4ec1ce517c3b6eaa376
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d6c3dd7102021112bc0f7f4fa2d6e18b8e67e0839aa644c9e6c155d54281204a
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b79a2bde181b55be7c786a36fd9733f66ad9b6fb2bc2d4ec1ce517c3b6eaa376
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 162130B5500305ABDB209F69DC44ADA77A9FF84764F204A19F8A1F62E0D7B099D0CF20
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 008105C6
                                                                                                                                                                                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00810601
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4cc79ef03e3f2785863e14313be28aed738bbcd520793e484b36425084050fa9
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e756cca94d314e203b5a5bd9fc17565e4bd04a9b654b858492924fb8ad1c4e09
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4cc79ef03e3f2785863e14313be28aed738bbcd520793e484b36425084050fa9
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB214C755003059BDB209F699C44ADAB7A8FFA5725F204A19F8A1E72E0D7F099E0CF60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007A604C
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A600E: GetStockObject.GDI32(00000011), ref: 007A6060
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007A606A
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00834112
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0083411F
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0083412A
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00834139
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00834145
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: d1b205d11027e60c0a9587cd330f5526eb7e7c5790da2d30eea84b629000109f
• Instruction ID: 325b188b18249026e56716742494df1d5f21395dbe750a99328115d10408886b
• Opcode Fuzzy Hash: d1b205d11027e60c0a9587cd330f5526eb7e7c5790da2d30eea84b629000109f
• Instruction Fuzzy Hash: BB1190B214021DBEEF119E64CC86EEB7F5DFF48798F014111FA18E2150CA769C619BA4
APIs
  • Part of subcall function 007DD7A3: _free.LIBCMT ref: 007DD7CC
• _free.LIBCMT ref: 007DD82D
  • Part of subcall function 007D29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000), ref: 007D29DE
  • Part of subcall function 007D29C8: GetLastError.KERNEL32(00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000,00000000), ref: 007D29F0
• _free.LIBCMT ref: 007DD838
• _free.LIBCMT ref: 007DD843
• _free.LIBCMT ref: 007DD897
• _free.LIBCMT ref: 007DD8A2
• _free.LIBCMT ref: 007DD8AD
• _free.LIBCMT ref: 007DD8B8
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: 45dd03a3070bf1d25da9a48f94ab2df56e680a3ceae9815c1f62b3f06e54b0bb
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: A1114F71540B04EAD531BFB0CD4BFCB7BFC6F10710F400826B29DA62A3DA69B9065A50
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0080DA74
• LoadStringW.USER32(00000000), ref: 0080DA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0080DA91
• LoadStringW.USER32(00000000), ref: 0080DA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0080DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0080DAB9
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: 6f7c33d9cf6270760a57609e7e93d1f0a8af1d188febd3f0565a86370ad7dafa
• Instruction ID: 2251dade7f1ef3002a253d6c9e3a27466a18ced9095f5a00226a6b5d79595b9e
• Opcode Fuzzy Hash: 6f7c33d9cf6270760a57609e7e93d1f0a8af1d188febd3f0565a86370ad7dafa
• Instruction Fuzzy Hash: 68016DF29002187FE750ABE49D89EEB376CFB08301F400896B746F2081EA749E848F74
APIs
• InterlockedExchange.KERNEL32(0165FB18,0165FB18), ref: 0081097B
• EnterCriticalSection.KERNEL32(0165FAF8,00000000), ref: 0081098D
• TerminateThread.KERNEL32(?,000001F6), ref: 0081099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 008109A9
• CloseHandle.KERNEL32(?), ref: 008109B8
• InterlockedExchange.KERNEL32(0165FB18,000001F6), ref: 008109C8
• LeaveCriticalSection.KERNEL32(0165FAF8), ref: 008109CF
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6a46b8a9a61d750eb7fedc2c9efedf16621641f8cb8674d393004aec42d2801b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8e4b7ab81b4e8888cac90e4ffd7a1e6e56522231de2a1e4f8b66339f911ac669
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a46b8a9a61d750eb7fedc2c9efedf16621641f8cb8674d393004aec42d2801b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3FF0EC32442A12BBD7515FA4EE8DBDABB39FF45702F402425F202A08A1C7B594B5CF90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00821DC0
                                                                                                                                                                                                                                                                                                                                                                          • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00821DE1
                                                                                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00821DF2
                                                                                                                                                                                                                                                                                                                                                                          • htons.WSOCK32(?,?,?,?,?), ref: 00821EDB
                                                                                                                                                                                                                                                                                                                                                                          • inet_ntoa.WSOCK32(?), ref: 00821E8C
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 008039E8: _strlen.LIBCMT ref: 008039F2
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00823224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0081EC0C), ref: 00823240
                                                                                                                                                                                                                                                                                                                                                                          • _strlen.LIBCMT ref: 00821F35
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8ac6860c3a437bc96b3b87fdf0aa9b180d56a3e92628acc5887f2aa6b7f02d67
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f89d79dfefbdd960b48ce520950231dc3ee48712ab28f2135722908d30186b58
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ac6860c3a437bc96b3b87fdf0aa9b180d56a3e92628acc5887f2aa6b7f02d67
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFB1E130204350AFC724DF24D899E2A77A5FF95318F64895CF4569B2E2CB35ED81CB91
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 007A5D30
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 007A5D71
                                                                                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 007A5D99
                                                                                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 007A5ED7
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 007A5EF8
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: df16d84e95a06471707221717d1e95054e8171b9ac97a4829cf86d3e56308480
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 10d8ccae31675e5f8e202928fbc2b249d7f6020e59211747b4011886a631bcc8
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df16d84e95a06471707221717d1e95054e8171b9ac97a4829cf86d3e56308480
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DB17C35A00B8ADBDB10CFA9C4807EEB7F1FF98310F14851AE8A9D7250D738AA51DB54
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 007D00BA
                                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007D00D6
                                                                                                                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 007D00ED
                                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007D010B
                                                                                                                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 007D0122
                                                                                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007D0140
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 4abee1df2578fd968a1b34b508917c88a957bac463f66e830455b140ed3263bf
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B81E276A01706EBE720AA29CC46B6E73B9EF45324F24413FF551D7781E779D9008B90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007C82D9,007C82D9,?,?,?,007D644F,00000001,00000001,8BE85006), ref: 007D6258
                                                                                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007D644F,00000001,00000001,8BE85006,?,?,?), ref: 007D62DE
                                                                                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007D63D8
                                                                                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 007D63E5
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007D3820: RtlAllocateHeap.NTDLL(00000000,?,00871444,?,007BFDF5,?,?,007AA976,00000010,00871440,007A13FC,?,007A13C6,?,007A1129), ref: 007D3852
                                                                                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 007D63EE
                                                                                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 007D6413
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 52111cf8ec213f2993e412135e49e3c1d8508a4710f1dcd4147210ece307961d
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9de30fa57db12d1e7ea8234419b2b8a9b97e79f14e1405a1929ebba20e64a609
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52111cf8ec213f2993e412135e49e3c1d8508a4710f1dcd4147210ece307961d
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5651E172A00216ABEB258F64DC85EBF77BAEF44710F15462AFC05D6241EB3CDC54D6A0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0082B6AE,?,?), ref: 0082C9B5
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082C9F1
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082CA68
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082CA9E
                                                                                                                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0082BCCA
                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0082BD25
                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0082BD6A
                                                                                                                                                                                                                                                                                                                                                                          • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0082BD99
                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0082BDF3
                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0082BDFF
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 385f9257d1a8e5bdbc629252c50f7d29d393d685a28658d09538dcac90dda3dd
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: de8954c7e2c4409fc3b9fc10225e253051d3dc34c2538332004acecbb2576750
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 385f9257d1a8e5bdbc629252c50f7d29d393d685a28658d09538dcac90dda3dd
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E181DF30208241EFC714DF24C895E6ABBE5FF85308F14896CF5598B2A2DB35ED85CB92
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(00000035), ref: 007FF7B9
                                                                                                                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000001), ref: 007FF860
                                                                                                                                                                                                                                                                                                                                                                          • VariantCopy.OLEAUT32(007FFA64,00000000), ref: 007FF889
                                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(007FFA64), ref: 007FF8AD
                                                                                                                                                                                                                                                                                                                                                                          • VariantCopy.OLEAUT32(007FFA64,00000000), ref: 007FF8B1
                                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 007FF8BB
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
APIs
  • Part of subcall function 007A7620: _wcslen.LIBCMT ref: 007A7625
  • Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 008194E5
• _wcslen.LIBCMT ref: 00819506
• _wcslen.LIBCMT ref: 0081952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00819585
Strings
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
APIs
  • Part of subcall function 007B9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007B9BB2
• BeginPaint.USER32(?,?,?), ref: 007B9241
• GetWindowRect.USER32(?,?), ref: 007B92A5
• ScreenToClient.USER32(?,?), ref: 007B92C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007B92D3
• EndPaint.USER32(?,?,?,?,?), ref: 007B9321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 007F71EA
  • Part of subcall function 007B9339: BeginPath.GDI32(00000000), ref: 007B9357
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0081080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00810847
• EnterCriticalSection.KERNEL32(?), ref: 00810863
• LeaveCriticalSection.KERNEL32(?), ref: 008108DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008108F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00810921
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3368777196-0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,007FF3AB,00000000,?,?,00000000,?,007F682C,00000004,00000000,00000000), ref: 0083824C
• EnableWindow.USER32(?,00000000), ref: 00838272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 008382D1
• ShowWindow.USER32(?,00000004), ref: 008382E5
• EnableWindow.USER32(?,00000001), ref: 0083830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0083832F
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
APIs
• IsWindowVisible.USER32(?), ref: 00804C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00804CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00804CEA
• _wcslen.LIBCMT ref: 00804D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00804D10
• _wcsstr.LIBVCRUNTIME ref: 00804D1A
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
APIs
• Part of subcall function 007A3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007A3A97,?,?,007A2E7F,?,?,?,00000000), ref: 007A3AC2
• _wcslen.LIBCMT ref: 0081587B
• CoInitialize.OLE32(00000000), ref: 00815995
• CoCreateInstance.OLE32(0083FCF8,00000000,00000001,0083FB68,?), ref: 008159AE
• CoUninitialize.OLE32 ref: 008159CC
Strings
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 05e7103f3281d9a013843a331c1c74db7b7dcd261ababf0f1bb58e80240b0ae4
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9487cae8cd6fcd525480c749a93e1451c096559609d55b20c081309e9e9fb0e1
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05e7103f3281d9a013843a331c1c74db7b7dcd261ababf0f1bb58e80240b0ae4
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1D15271608601DFC714DF24C484A6ABBE9FFC9720F148959F889DB261D735EC85CB92
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00800FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00800FCA
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00800FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00800FD6
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00800FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00800FE5
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00800FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00800FEC
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00800FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00801002
                                                                                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000000,00801335), ref: 008017AE
                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 008017BA
                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 008017C1
                                                                                                                                                                                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 008017DA
                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00801335), ref: 008017EE
                                                                                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 008017F5
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: af72d61e8cdbb11f4d0049b1e2f204ca042127ee605bc89f244fbfe0537c3a94
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: bdf6775a210d06788dcefe95b688043213cbc438e311c03c2c88118783ecbb7d
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: af72d61e8cdbb11f4d0049b1e2f204ca042127ee605bc89f244fbfe0537c3a94
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A11BB32600205FFDF649FA4CC49BAE7BE9FB86369F104418F481E7294C736A940DB60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008014FF
                                                                                                                                                                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00801506
                                                                                                                                                                                                                                                                                                                                                                          • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00801515
                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000004), ref: 00801520
                                                                                                                                                                                                                                                                                                                                                                          • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0080154F
                                                                                                                                                                                                                                                                                                                                                                          • DestroyEnvironmentBlock.USERENV(00000000), ref: 00801563
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 4c716cde0995a99957c519f90219bd410a966112b8b2086f83f7a1f2d2d7e672
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0d61c255e2d4dfc2ab9ebe18e1352594a75128241aee30190ef3040ef162cdfd
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c716cde0995a99957c519f90219bd410a966112b8b2086f83f7a1f2d2d7e672
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0611267250024DABDF118FA8DD49BDE7BAAFF89758F044425FA05A21A0C3758E64DB60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,007C3379,007C2FE5), ref: 007C3390
                                                                                                                                                                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007C339E
                                                                                                                                                                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007C33B7
                                                                                                                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,007C3379,007C2FE5), ref: 007C3409
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 28d41056f94feffc4395ac2f045354e233dae1d02985049f2cf7c9466935a0b7
• Instruction ID: 9cfbb05d97247b2b505fae92b8a5cfe20f6eebb92a37e078c8b113982ddd7579
• Opcode Fuzzy Hash: 28d41056f94feffc4395ac2f045354e233dae1d02985049f2cf7c9466935a0b7
• Instruction Fuzzy Hash: E601243220C751FEAA2427747C9AF762B94FB05379320832EF410952F0EF5D4E025284
APIs
• GetLastError.KERNEL32(?,?,007D5686,007E3CD6,?,00000000,?,007D5B6A,?,?,?,?,?,007CE6D1,?,00868A48), ref: 007D2D78
• _free.LIBCMT ref: 007D2DAB
• _free.LIBCMT ref: 007D2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,007CE6D1,?,00868A48,00000010,007A4F4A,?,?,00000000,007E3CD6), ref: 007D2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,007CE6D1,?,00868A48,00000010,007A4F4A,?,?,00000000,007E3CD6), ref: 007D2DEC
• _abort.LIBCMT ref: 007D2DF2
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 6e54438777f017d50009677a082c680ecab1a9a29ed88d63a3408b97a7a5223a
• Instruction ID: 6e6dcd9a23410cf999472ebc43e134d35a052d1b6d563b5484eee420605df832
• Opcode Fuzzy Hash: 6e54438777f017d50009677a082c680ecab1a9a29ed88d63a3408b97a7a5223a
• Instruction Fuzzy Hash: AEF0A931604600B7C6123734AC0EA1A3576BBE27A5F25451BF464A23A3EE6C98035271
APIs
  • Part of subcall function 007B9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007B9693
  • Part of subcall function 007B9639: SelectObject.GDI32(?,00000000), ref: 007B96A2
  • Part of subcall function 007B9639: BeginPath.GDI32(?), ref: 007B96B9
  • Part of subcall function 007B9639: SelectObject.GDI32(?,00000000), ref: 007B96E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00838A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00838A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00838A70
• LineTo.GDI32(?,00000000,00000003), ref: 00838A80
• EndPath.GDI32(?), ref: 00838A90
• StrokePath.GDI32(?), ref: 00838AA0
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 48b161383a4e7eab1bbb883c799f1861bc709bbc8b85a829476cc87a494afea5
• Instruction ID: 5f98d0207da1ead85dcbf158abcc1eaa56139e401827b1ca7aac0c74fabdadf0
• Opcode Fuzzy Hash: 48b161383a4e7eab1bbb883c799f1861bc709bbc8b85a829476cc87a494afea5
• Instruction Fuzzy Hash: EA11F776000158FFDF129F94DC88EAA7F6CFB08354F008412FA19AA1A1C7719D55DBA0
APIs
• GetDC.USER32(00000000), ref: 00805218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00805229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00805230
• ReleaseDC.USER32(00000000,00000000), ref: 00805238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0080524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00805261
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 3feaab659c5d5ffd8aeae51216c2a1368908c396262ad9595ab002c9be389dcf
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 86eb355d5ab0ab89fdffc019a363123d4250bb2ec19687251fb25828a5b15af4
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3feaab659c5d5ffd8aeae51216c2a1368908c396262ad9595ab002c9be389dcf
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64014F75A00718BBEF109BA69C49A5EBFB8FF88751F044465FA04E7291D6709800CFA0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 007A1BF4
                                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 007A1BFC
                                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 007A1C07
                                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 007A1C12
                                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 007A1C1A
                                                                                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 007A1C22
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 345635db4341ddf5c63e5bbd7990e3d297cc1101403088ae07f6c8fa26f2d71e
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: ffdb68945ce01a152462c43aee106d79db28b55f78d9822d2f0f3ad426037925
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 345635db4341ddf5c63e5bbd7990e3d297cc1101403088ae07f6c8fa26f2d71e
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B0167B0902B5ABDE3008F6A8C85B52FFA8FF59354F00411BA15C4BA42C7F5A864CBE5
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0080EB30
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0080EB46
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 0080EB55
                                                                                                                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0080EB64
                                                                                                                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0080EB6E
                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0080EB75
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d6d3886e3a5cbecd2b3674aecff19385de1302118eb18363bda499dd1bba198f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1ae00eb1e29835c95688627816f4ab6f6b487d296829faaa76b7e0c1b1810533
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6d3886e3a5cbecd2b3674aecff19385de1302118eb18363bda499dd1bba198f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABF03A72240158BBE7215B629C0EEEF7A7CFFCAB11F004559F602E1191E7A45A01D7B5
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?), ref: 007F7452
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 007F7469
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowDC.USER32(?), ref: 007F7475
                                                                                                                                                                                                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,?), ref: 007F7484
                                                                                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 007F7496
                                                                                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000005), ref: 007F74B0
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: 66d954733ebeefc0fc2ad8ed17754d2d034a951b6cf54d90077496382ff0e28d
• Instruction ID: e22a5638b45674cb4eb55c7aa300f210c5a7577d6d56fd60239b8ca533543ab3
• Opcode Fuzzy Hash: 66d954733ebeefc0fc2ad8ed17754d2d034a951b6cf54d90077496382ff0e28d
• Instruction Fuzzy Hash: 5901AD31400209EFEB505FA8DC09BFE7BB5FF44311F100864FA15A21A0CB351E51EB10

APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 0080187F
• UnloadUserProfile.USERENV(?,?), ref: 0080188B
• CloseHandle.KERNEL32(?), ref: 00801894
• CloseHandle.KERNEL32(?), ref: 0080189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 008018A5
• HeapFree.KERNEL32(00000000), ref: 008018AC
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: f6001ad1629c1b63fdc0e48cff98467dd3f3a1090d4e0bd0d265df9a4e346764
• Instruction ID: d62cd01d4cb269d74515ddd1752ae8e9eef94144965ec90db2d66cd48abe7a17
• Opcode Fuzzy Hash: f6001ad1629c1b63fdc0e48cff98467dd3f3a1090d4e0bd0d265df9a4e346764
• Instruction Fuzzy Hash: 46E0E536004101BBDB016FA5ED0C90AFF39FF89B22B108A20F225A1170CB369430EF50

APIs
  • Part of subcall function 007A7620: _wcslen.LIBCMT ref: 007A7625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0080C6EE
• _wcslen.LIBCMT ref: 0080C735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0080C79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0080C7CA
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
• Opcode ID: 9b276e122d41ac266d53588aa6076cdf2dfe7d8eb94edf3f16c1fb4679740b11
• Instruction ID: 766c359cb74142add73c1dba78a1a447d8a8b52bf7c9dc006fe79186229cab23
• Opcode Fuzzy Hash: 9b276e122d41ac266d53588aa6076cdf2dfe7d8eb94edf3f16c1fb4679740b11
• Instruction Fuzzy Hash: 4251BD716143019BD7A59F2CCC89BAAB7E8FF99314F040B2DF9A5E21E0DB74D9048B52

APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 0082AEA3
  • Part of subcall function 007A7620: _wcslen.LIBCMT ref: 007A7625
• GetProcessId.KERNEL32(00000000), ref: 0082AF38
• CloseHandle.KERNEL32(00000000), ref: 0082AF67
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: 96f25cb401792eb5477985b74d3dbbf12895b95fd47133c66496d3a0f04f6667
• Instruction ID: d966f605f477b1a24fe5b9c7b52c99e058051d69c0cf7ae35b7b5a063e01d26c
• Opcode Fuzzy Hash: 96f25cb401792eb5477985b74d3dbbf12895b95fd47133c66496d3a0f04f6667
• Instruction Fuzzy Hash: D771B175A00629DFCB18DF54D484A9EBBF0FF49300F048499E816AB352CB78ED85CB91
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00807206
                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0080723C
                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0080724D
                                                                                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008072CF
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                                          • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 97c90204f230a8c1f7f85366674b4b4abbbc3bbd869501f53a233bb0b0cfda9b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 05cb0782172766e811a42a05daf21ba2da1c973cfb256db1aaca219d5e1bbc89
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97c90204f230a8c1f7f85366674b4b4abbbc3bbd869501f53a233bb0b0cfda9b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04417EB1A04204EFDB55CF54CC84A9A7BA9FF84314F1584A9BD06DF28AD7B0ED44DBA0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00833E35
                                                                                                                                                                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00833E4A
                                                                                                                                                                                                                                                                                                                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00833E92
                                                                                                                                                                                                                                                                                                                                                                          • DrawMenuBar.USER32 ref: 00833EA5
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d94ebdd53ee6d89e68c1763dbbcb713e704a8dad57446063c40c4a0138327f65
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1dcb63ff0311f5dc6d767dd508c737674c07e85293de83ba64204c229e32ae2c
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d94ebdd53ee6d89e68c1763dbbcb713e704a8dad57446063c40c4a0138327f65
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33414575A01209EFDB10DF64D884EAABBB9FF89354F044229E905EB650D734EE45CFA0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 00803CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00803CCA
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00801E66
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00801E79
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 00801EA9
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2ca2a09dfe98078fea192b2842b9f00528e030b1784d1cabe17e1bf6b2a857cd
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e156a70cb70d66ca1c872c30918d7887e77754303ad3429030910ac92fc02abc
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ca2a09dfe98078fea192b2842b9f00528e030b1784d1cabe17e1bf6b2a857cd
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED21E571A00104BBDB54AB64DC4ECFFB7B9FF96364B144519F825E72E1DB38490A8620
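Added example (editor's code, not part of the Joe Sandbox report and not code from the analysed sample): a parser for the function-block layout used in the listings above. It turns each "APIs" list into call records (API name, module, arguments, call-site address, subcall marker), picks up the dump file and its Offset from "Memory Dump Source", converts call sites to RVAs against that Offset (assuming the Offset is the module's load base, which holds where the dump is marked "based on PE: true"), and emits a few triage hints: exports resolved by name through GetProcAddress (the DllGetClassObject lookup in the CoCreateInstance block), LoadLibrary calls whose argument the sandbox left as "?", and SendMessageW message codes decoded to their control-message names. In the ComboBox/ListBox block the codes 0x188, 0x18A and 0x189 are LB_GETCURSEL, LB_GETTEXTLEN and LB_GETTEXT, i.e. the sequence for reading the text of the selected list item; 0x467 in the LoadLibraryW/DestroyWindow block that follows is ACM_OPENW (WM_USER+103). The sample input is constructed from two of the blocks on this page; the message table, the hint wording and all function names are the editor's own.

```python
"""Parse Joe Sandbox function-block listings into call records and flag triage hints.

Added example (editor's code, not from the report or the analysed sample). Input is
the text layout of the "APIs" / "Memory Dump Source" sections shown on this page.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: two function blocks copied in the report's own layout.
SAMPLE_REPORT = """\
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00807206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0080723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0080724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008072CF
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
APIs
  • Part of subcall function 00803CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00803CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00801E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00801E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00801EA9
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
"""

# One "• Name.MODULE(args), ref: ADDR" line. The "(args)" part and the comma are
# optional ("• DrawMenuBar.USER32 ref: 00833EA5"); a line may be a subcall marker.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
SRC_RE = re.compile(
    r"Source File:\s*(?P<file>\S+),\s*Offset:\s*(?P<base>[0-9A-Fa-f]+)"
    r"(?:,\s*based on PE:\s*(?P<pe>\w+))?"
)
HEX_ARG_RE = re.compile(r"[0-9A-Fa-f]{8}")

# Editor's table of the window messages seen in the listed blocks
# (ListBox/ComboBox messages from USER32; ACM_OPENW = WM_USER+103, Animate control).
WINDOW_MESSAGES = {
    0x0147: "CB_GETCURSEL", 0x0148: "CB_GETLBTEXT", 0x0149: "CB_GETLBTEXTLEN",
    0x0188: "LB_GETCURSEL", 0x0189: "LB_GETTEXT", 0x018A: "LB_GETTEXTLEN",
    0x0467: "ACM_OPENW",
}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: int                    # virtual address of the call site in the dump
    subcall_of: str | None      # set when the report marks the line as a subcall


@dataclass
class FunctionBlock:
    calls: list[ApiCall] = field(default_factory=list)
    source_file: str | None = None
    image_base: int = 0         # "Offset" of the dump the function lives in
    based_on_pe: bool = False


def parse_api_line(line: str) -> ApiCall | None:
    m = API_RE.match(line)
    if not m:
        return None
    args = [a.strip() for a in m["args"].split(",")] if m["args"] is not None else []
    return ApiCall(m["name"], m["mod"], args, int(m["ref"], 16), m["sub"])


def parse_blocks(text: str) -> list[FunctionBlock]:
    """Split the listing at each 'APIs' header; collect its calls and dump source."""
    blocks: list[FunctionBlock] = []
    current: FunctionBlock | None = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionBlock()
            blocks.append(current)
            continue
        if current is None:
            continue
        call = parse_api_line(line)
        if call:
            current.calls.append(call)
            continue
        m = SRC_RE.search(line)
        if m:
            current.source_file = m["file"]
            current.image_base = int(m["base"], 16)
            current.based_on_pe = (m["pe"] or "").lower() == "true"
    return blocks


def rva(block: FunctionBlock, call: ApiCall) -> int:
    """Call-site RVA, assuming the dump Offset is the module's load base."""
    return call.ref - block.image_base


def is_literal(arg: str) -> bool:
    """True for an argument the sandbox printed verbatim (not '?' and not a raw hex value)."""
    return arg != "?" and HEX_ARG_RE.fullmatch(arg) is None


def indicators(block: FunctionBlock) -> list[str]:
    """Triage hints for one function, in call order; subcall lines are skipped."""
    found: list[str] = []
    for c in block.calls:
        if c.subcall_of:
            continue
        if c.name == "GetProcAddress" and len(c.args) > 1 and is_literal(c.args[1]):
            found.append(f"resolves export by name: {c.args[1]}")
        elif c.name.startswith("LoadLibrary") and c.args and not is_literal(c.args[0]):
            found.append(f"{c.name} with an argument the sandbox did not resolve")
        elif c.name.startswith("SendMessage") and len(c.args) > 1 and HEX_ARG_RE.fullmatch(c.args[1]):
            msg = int(c.args[1], 16)
            found.append(f"SendMessage {WINDOW_MESSAGES.get(msg, hex(msg))}")
    return found


if __name__ == "__main__":
    for i, b in enumerate(parse_blocks(SAMPLE_REPORT), 1):
        print(f"block {i}: {len(b.calls)} calls, image base {b.image_base:#x}, hints: {indicators(b)}")
```

Paste a whole report section into `parse_blocks` and the RVAs can be matched against the PE on disk or against the other dumps listed under "Associated"; subcall lines are kept in the records but excluded from the hints so a shared helper such as GetClassNameW does not get attributed to every caller.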
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00832F8D
• LoadLibraryW.KERNEL32(?), ref: 00832F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00832FA9
• DestroyWindow.USER32(?), ref: 00832FB1
Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2d7de60eea84899c3878fafef4f8c2fe4288aa4db30a78496f0a2839cdd74fd5
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9ef1c976f38ca529751fe8bb83ccdb42ffc7c86cc373545b4c86953294800093
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d7de60eea84899c3878fafef4f8c2fe4288aa4db30a78496f0a2839cdd74fd5
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05219D72204209ABEF205F64DC85EBB77BDFF99368F104628FA50E6190DB71DC9197A0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007C4D1E,007D28E9,?,007C4CBE,007D28E9,008688B8,0000000C,007C4E15,007D28E9,00000002), ref: 007C4D8D
                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007C4DA0
                                                                                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,007C4D1E,007D28E9,?,007C4CBE,007D28E9,008688B8,0000000C,007C4E15,007D28E9,00000002,00000000), ref: 007C4DC3
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5efdea2e16f430a738c38034ad516072212c4d86a547282bb72bc9e0974e5c57
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: c7f9903547871f4d7bc02ca013d3f8301015eb93470a9aa851b924fb36853417
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5efdea2e16f430a738c38034ad516072212c4d86a547282bb72bc9e0974e5c57
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FF03C35A40208BBDB119B90DC49BAEBBA5FF44751F0001A8EA06A2260CB795A40DBD1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,007A4EDD,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4E9C
                                                                                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007A4EAE
                                                                                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,007A4EDD,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4EC0
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 145871493-3689287502
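The "API ID" in each Similarity block is the key Joe Sandbox uses to match a function against functions seen in other samples; reading it by hand is error-prone once a block has several calls. The following is an added example, not Joe Sandbox code and not code from the sample: it parses the APIs lines of the three function records above exactly as printed, rebuilds the API ID, and lists the exports the function resolves by name through GetProcAddress. The tokenisation rule (split the API name on CamelCase, drop the Get verb and the A/W/Ex suffixes, put repeated tokens sorted before "$" and unique tokens sorted after it) is inferred from these records only and is an assumption; the numeric API String ID is a hash whose input is not documented here, so it is not reproduced.

```python
import re
from collections import Counter

# Constructed input: the APIs lines of three records from this report,
# copied verbatim (bullets and "ref:" suffixes included).
RECORD_MESSAGE = """
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00832F8D
• LoadLibraryW.KERNEL32(?), ref: 00832F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00832FA9
• DestroyWindow.USER32(?), ref: 00832FB1
"""
RECORD_COREXIT = """
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007C4D1E,007D28E9,?,007C4CBE,007D28E9,008688B8,0000000C,007C4E15,007D28E9,00000002), ref: 007C4D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007C4DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,007C4D1E,007D28E9,?,007C4CBE,007D28E9,008688B8,0000000C,007C4E15,007D28E9,00000002,00000000), ref: 007C4DC3
"""
RECORD_WOW64 = """
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,007A4EDD,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007A4EAE
• FreeLibrary.KERNEL32(00000000,?,?,007A4EDD,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4EC0
"""

API_LINE = re.compile(r"^•\s*(?P<func>\w+)\.(?P<module>\w+)\(")
GETPROC_ARGS = re.compile(r"GetProcAddress\.\w+\(([^)]*)\)")
CAMEL_TOKEN = re.compile(r"[A-Z][a-z0-9]*")
# Tokens absent from every API ID in the report: the Get verb and the
# A / W / Ex suffixes.  Inferred from the records above (assumption).
DROPPED = {"Get", "Ex", "A", "W"}


def parse_api_calls(record):
    """Return [(function, module), ...] in call order from an APIs block."""
    calls = []
    for line in record.strip().splitlines():
        m = API_LINE.match(line.strip())
        if m:
            calls.append((m.group("func"), m.group("module")))
    return calls


def api_tokens(func):
    """CamelCase tokens of one API name, minus the dropped verb/suffixes."""
    return [t for t in CAMEL_TOKEN.findall(func) if t not in DROPPED]


def api_id(funcs):
    """Rebuild the Similarity 'API ID' from a list of API names."""
    counts = Counter(t for f in funcs for t in api_tokens(f))
    repeated = sorted(t for t, n in counts.items() if n > 1)
    single = sorted(t for t, n in counts.items() if n == 1)
    if repeated:
        return "".join(repeated) + "$" + "".join(single)
    return "".join(single)


def record_api_id(record):
    return api_id([f for f, _ in parse_api_calls(record)])


def resolved_exports(record):
    """Export names passed as the second argument of GetProcAddress."""
    names = []
    for m in GETPROC_ARGS.finditer(record):
        args = m.group(1).split(",")
        if len(args) >= 2:
            names.append(args[1].strip())
    return names


def is_dynamic_resolution(record):
    """True when a module handle is obtained and an export looked up by name."""
    funcs = [f for f, _ in parse_api_calls(record)]
    has_module = any(f.startswith(("LoadLibrary", "GetModuleHandle")) for f in funcs)
    return has_module and "GetProcAddress" in funcs


if __name__ == "__main__":
    for name, rec in [("message", RECORD_MESSAGE), ("corexit", RECORD_COREXIT),
                      ("wow64", RECORD_WOW64)]:
        print(name, record_api_id(rec), resolved_exports(rec), is_dynamic_resolution(rec))
```

The dynamic-resolution check is deliberately a weak signal on its own: the CorExitProcess lookup via mscoree.dll is the ordinary MSVC CRT exit path, and resolving Wow64DisableWow64FsRedirection (and, in the next record, Wow64RevertWow64FsRedirection) from kernel32.dll at run time is how the AutoIt3 interpreter stays loadable on systems that lack those exports; the ">>>AUTOIT NO CMDEXECUTE<<<" marker in the call context points at the interpreter, not at script logic. What matters for triage is which other functions in the same dump pair these stubs with the behaviours flagged in the signature list.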
• Opcode ID: 0d5b9176ba1648aebb1d865f023d4fd916e03eabcaaacc159a5b24139dc208ae
• Instruction ID: d7072bf49dfc91c105e57c59bcbab785c62cfe78ff411c510e4d280d2f3ca0e1
• Opcode Fuzzy Hash: 0d5b9176ba1648aebb1d865f023d4fd916e03eabcaaacc159a5b24139dc208ae
• Instruction Fuzzy Hash: 46E08C36A066226B92321B25AC18A6FB658BFC2B62B050615FC01F2200DBA8CD0292E0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,007E3CDE,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007A4E74
• FreeLibrary.KERNEL32(00000000,?,?,007E3CDE,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4E87
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 06848e507dc481ca2601bbc5bc70cb373b0ae8a66a750668265fa1018c21267b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1b8be9ccf0a25c5eb2192fba415c7075c0e1e41069761a56e880d67813a86501
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06848e507dc481ca2601bbc5bc70cb373b0ae8a66a750668265fa1018c21267b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FD012365066615756221B257C1CD8F7A58FFC6B623050A15B905F2254CFA9CD0196D0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00812C05
                                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 00812C87
                                                                                                                                                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00812C9D
                                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00812CAE
                                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00812CC0
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b4e051d5db889cede6c2fc4fde5b9886dc3eefab4c10a3811f8d643335bcaaae
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6886eb6059ef5dcfd3689c2b4990ad2d5c9eea90ee1ca68dbebb671737e12391
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4e051d5db889cede6c2fc4fde5b9886dc3eefab4c10a3811f8d643335bcaaae
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95B14E7290011DEBDF21DBA4CC89EDEB77DFF49350F1040AAF609E6141EA349A948FA1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 0082A427
                                                                                                                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0082A435
                                                                                                                                                                                                                                                                                                                                                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0082A468
                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0082A63D
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 915b4f413ea137906ebe9a0477e233d72e99428cacd574da6d4024ea0c63178f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: d235fdfa4a2fa6fb77b97e5a4a082652216314fcc30a801c3d95f7cc1deac065
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 915b4f413ea137906ebe9a0477e233d72e99428cacd574da6d4024ea0c63178f
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7BA19D71604300AFD724DF24D886F2AB7E5EF84714F18891DF99ADB292D7B4EC418B82
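The "APIs" listings above all follow one layout: a bulleted call line per API reference (Name.MODULE(args), ref: call-site address), indented "Part of subcall function" lines for callees, and a "Similarity" block of IDs and fuzzy hashes. The Python below is an added example, not part of the Joe Sandbox report: it parses that layout into records and decodes the OpenProcess desired-access argument (00000410 at 0082A435) into its PROCESS_* rights using the winnt.h values. The only format assumptions are the ones visible in the listing lines on this page, and the sample input is constructed from lines copied from them.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: three records copied from the "APIs" listings above
# (bullets and the "Part of subcall" indentation kept as the report renders them).
SAMPLE = """\
APIs
• FreeLibrary.KERNEL32(00000000,?,?,007E3CDE,?,00871418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007A4E87
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
APIs
• GetCurrentProcessId.KERNEL32 ref: 0082A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0082A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0082A468
Similarity
• String ID:
APIs
• _free.LIBCMT ref: 007DBB7F
  • Part of subcall function 007D29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000), ref: 007D29DE
"""

@dataclass
class ApiCall:
    api: str                    # export name, e.g. "OpenProcess"
    module: str                 # tag after the dot: "KERNEL32", "NTDLL", "LIBCMT", ...
    args: List[str]             # raw argument tokens as listed; "?" = not recovered
    ref: int                    # call-site address inside the dump
    subcall_of: Optional[int]   # callee address for "Part of subcall function" lines

@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)   # "API ID", "String ID", ...

# Call line: optional subcall prefix, Name.MODULE, optional (args), then "ref: ADDR".
CALL_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[\w@?$]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Metadata bullet such as "• String ID: ..." (the value may be empty).
META_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")

def parse_report(text: str) -> List[FunctionRecord]:
    """Split the listing into one FunctionRecord per "APIs" heading."""
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs" or cur is None:   # "APIs" opens a record; tolerate a cut-off start
            cur = FunctionRecord()
            records.append(cur)
            if line == "APIs":
                continue
        m = CALL_RE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.calls.append(ApiCall(
                api=m["api"], module=m["mod"], args=args, ref=int(m["ref"], 16),
                subcall_of=int(m["sub"], 16) if m["sub"] else None))
            continue
        m = META_RE.match(line)
        if m:                               # bare headings (Similarity, ...) carry no data
            cur.meta[m["key"].strip()] = m["val"].strip()
    return records

# Process access rights (winnt.h values) for decoding OpenProcess's first argument.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS", 0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION", 0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME", 0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
KNOWN_RIGHTS = sum(PROCESS_RIGHTS)          # keys are distinct bits, so sum == OR

def decode_process_access(mask: int) -> List[str]:
    """Names of the rights set in an OpenProcess desired-access mask, low bit first."""
    names = [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]
    if mask & ~KNOWN_RIGHTS:                # e.g. SYNCHRONIZE or generic/standard rights
        names.append(f"0x{mask & ~KNOWN_RIGHTS:X}")
    return names

def open_process_rights(records: List[FunctionRecord]) -> List[Tuple[int, List[str]]]:
    """(call-site, decoded rights) for every OpenProcess call whose mask was recovered."""
    out = []
    for rec in records:
        for c in rec.calls:
            if c.api == "OpenProcess" and c.args and c.args[0] != "?":
                out.append((c.ref, decode_process_access(int(c.args[0], 16))))
    return out
```

For the record at 0082A427 the decoder yields PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, which is the access a process-statistics query such as the following GetProcessIoCounters call needs; a mask that also carried PROCESS_VM_WRITE or PROCESS_CREATE_THREAD on a foreign PID would be the one worth a closer look.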
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00843700), ref: 007DBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0087121C,000000FF,00000000,0000003F,00000000,?,?), ref: 007DBC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00871270,000000FF,?,0000003F,00000000,?), ref: 007DBC36
• _free.LIBCMT ref: 007DBB7F
  • Part of subcall function 007D29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000), ref: 007D29DE
  • Part of subcall function 007D29C8: GetLastError.KERNEL32(00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000,00000000), ref: 007D29F0
• _free.LIBCMT ref: 007DBD4B
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a85e7d9a9a60f23c22c8c63e136c6f54bdd94109ceece8b6a5fbad75fce9f5fb
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b2b4a1d45204533ea2e63c6b2ebc8c97af88f71c45f8fc908a3066e32a0c0611
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a85e7d9a9a60f23c22c8c63e136c6f54bdd94109ceece8b6a5fbad75fce9f5fb
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91510971900209EFCB10DF69CC899AEB7B8FF40310B12426BE558E73A5EB749D419B60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0080DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0080CF22,?), ref: 0080DDFD
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0080DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0080CF22,?), ref: 0080DE16
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0080E199: GetFileAttributesW.KERNEL32(?,0080CF95), ref: 0080E19A
                                                                                                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,?), ref: 0080E473
                                                                                                                                                                                                                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 0080E4AC
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0080E5EB
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0080E603
                                                                                                                                                                                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0080E650
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: ca181c046052bf2179f281a47d76080801ea8f198a64b3aeea4ecb42da80f323
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 10cd310869df927d55ae2a24b72d556b08014af5e2d0f0ebde3b77a44c4174ed
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca181c046052bf2179f281a47d76080801ea8f198a64b3aeea4ecb42da80f323
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 225180B20087459BC764EBA4DC859DBB3DCFF85340F004D1EF689D3191EE79A688876A
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0082B6AE,?,?), ref: 0082C9B5
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082C9F1
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082CA68
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 0082C998: _wcslen.LIBCMT ref: 0082CA9E
                                                                                                                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0082BAA5
                                                                                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0082BB00
                                                                                                                                                                                                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0082BB63
                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?), ref: 0082BBA6
                                                                                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0082BBB3
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6f27a03071e9492d1dae7a39a9bc0355c49261a32041fed952cf6a2cf84f76a1
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: dd458c419d21bbe0774ccca7f8addffa4c9f99963b690648042c001128eef1a3
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f27a03071e9492d1dae7a39a9bc0355c49261a32041fed952cf6a2cf84f76a1
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B61E331209251EFC314DF24D494E2ABBE5FF85318F54895CF49A8B2A2CB35ED85CB92
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 00808BCD
                                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32 ref: 00808C3E
                                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32 ref: 00808C9D
                                                                                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00808D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00808D3B
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 4de77874f80ca91c67cc6dc315f2c87b24280d7fd739bfdda185a281c338a8a9
• Instruction ID: 09b75a2f79e891d00e34ac555b710471111e9a262086695f1685227ba719f29d
• Opcode Fuzzy Hash: 4de77874f80ca91c67cc6dc315f2c87b24280d7fd739bfdda185a281c338a8a9
• Instruction Fuzzy Hash: D8517BB5A00219EFCB10CF68C884AAAB7F8FF89314B158559F945EB350E730E951CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00818BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00818BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00818C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00818C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00818C5F
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 093d215b995036724fc3b317aa4d85a432188a071301affa94c617d2e8f78c8a
• Instruction ID: da0ee2e5eb2ebc645462c5c6b55b2ad29381ab9a30ff85d4fb2a4fa49815be6b
• Opcode Fuzzy Hash: 093d215b995036724fc3b317aa4d85a432188a071301affa94c617d2e8f78c8a
• Instruction Fuzzy Hash: CA512A35A00215EFCB15DF64C885AAEBBF5FF89314F088458E849AB362DB35ED51CB90
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00828F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00828FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00828FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00829032
• FreeLibrary.KERNEL32(00000000), ref: 00829052
  • Part of subcall function 007BF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00811043,?,7644E610), ref: 007BF6E6
  • Part of subcall function 007BF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,007FFA64,00000000,00000000,?,?,00811043,?,7644E610,?,007FFA64), ref: 007BF70D
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 5207d7c196dd5cac859501db04ff096c4c2c2a1997cc89c096d79f12fe1bb3ff
• Instruction ID: c1043b81fde93b23bb5b835b282c2d9008e38d71e9d2962a1208ce99a348328e
• Opcode Fuzzy Hash: 5207d7c196dd5cac859501db04ff096c4c2c2a1997cc89c096d79f12fe1bb3ff
• Instruction Fuzzy Hash: 39515B34A01219DFCB00DF58C4948ADBBF1FF89314F088198E80AAB362DB35ED85CB90
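The argument columns in these function records are raw hex, and several of them are well-known Win32 constants once decoded. The Python below is an editorial example added to this page; it is not part of the Joe Sandbox report or its IDA plugin. It parses API-call lines in the shape used by these records, decodes the constants with documented Win32 values, and flags the LoadLibraryW then GetProcAddress sequence that underlies the "dynamically determine API calls" signature in the overview. The sample input is copied from the call lines in this listing (the SetWindowLongW, SendMessageW, ShowWindow and SetWindowPos lines come from the record that follows). Reading 000000F0 and 000000EC as GWL_STYLE (-16) and GWL_EXSTYLE (-20) is an assumption, marked in the code.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: API-call bullets from the function records in this
# listing, retyped as plain lines without the leading bullet character.
SAMPLE_CALLS = """\
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00808D3B
GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00818BAE
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00818C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00818C57
LoadLibraryW.KERNEL32(?,00000000,?), ref: 00828F40
GetProcAddress.KERNEL32(00000000,?), ref: 00828FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00828FEC
FreeLibrary.KERNEL32(00000000), ref: 00829052
SetWindowLongW.USER32(00000002,000000F0,?), ref: 00836C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00836C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00836C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0081AB79,00000000,00000000), ref: 00836C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00836CC7
"""

# One call line: Api.MODULE(arg,arg,...), ref: <hex address>
CALL_RE = re.compile(
    r"^(?P<api>[A-Za-z0-9_]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{6,8})$"
)

# Documented Win32 constant values used by the decoders.
SWP_FLAGS = {0x0001: "SWP_NOSIZE", 0x0002: "SWP_NOMOVE", 0x0004: "SWP_NOZORDER",
             0x0008: "SWP_NOREDRAW", 0x0010: "SWP_NOACTIVATE", 0x0020: "SWP_FRAMECHANGED",
             0x0040: "SWP_SHOWWINDOW", 0x0080: "SWP_HIDEWINDOW"}
SW_CMDS = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 5: "SW_SHOW"}
VT_TYPES = {0x03: "VT_I4", 0x08: "VT_BSTR", 0x0B: "VT_BOOL", 0x13: "VT_UI4"}
LVM_MSGS = {0x1000 + 54: "LVM_SETEXTENDEDLISTVIEWSTYLE"}
# GWL_STYLE is -16 (0xFFFFFFF0) and GWL_EXSTYLE is -20 (0xFFFFFFEC). The
# listing prints 000000F0 / 000000EC; ASSUMPTION: those are the low byte of the
# negative index. A positive cbWndExtra offset of 240 / 236 is the other reading.
GWL_INDEX = {0xFFFFFFF0: "GWL_STYLE", 0xF0: "GWL_STYLE",
             0xFFFFFFEC: "GWL_EXSTYLE", 0xEC: "GWL_EXSTYLE"}


def parse_call(line: str) -> Optional[Dict]:
    """Parse one call line; '?' arguments become None."""
    m = CALL_RE.match(line.strip().lstrip("\u2022").strip())
    if not m:
        return None
    args = [None if a == "?" else int(a, 16) for a in m["args"].split(",")]
    return {"api": m["api"], "module": m["module"], "args": args, "ref": int(m["ref"], 16)}


def parse_calls(text: str) -> List[Dict]:
    return [c for c in (parse_call(line) for line in text.splitlines()) if c]


def decode_flags(value: int, table: Dict[int, str]) -> str:
    """Render a bitmask as OR-ed flag names, keeping unknown bits as hex."""
    names = [name for bit, name in table.items() if value & bit]
    leftover = value & ~sum(table)
    if leftover:
        names.append(hex(leftover))
    return "|".join(names) or "0"


def annotate(call: Dict) -> str:
    """Decode the argument that carries the interesting constant, if known."""
    api, a = call["api"], call["args"]
    if api == "SetWindowLongW" and len(a) > 1 and a[1] is not None:
        return GWL_INDEX.get(a[1], f"index {a[1]}")
    if api == "ShowWindow" and len(a) > 1 and a[1] is not None:
        return SW_CMDS.get(a[1], f"nCmdShow {a[1]}")
    if api == "SetWindowPos" and len(a) > 6 and a[6] is not None:
        return decode_flags(a[6], SWP_FLAGS)
    if api == "SendMessageW" and len(a) > 1 and a[1] is not None:
        return LVM_MSGS.get(a[1], f"msg {a[1]:#06x}")
    if api == "VariantChangeType" and len(a) > 3 and a[3] is not None:
        return VT_TYPES.get(a[3], f"vt {a[3]}")
    if "PrivateProfile" in api:
        return "INI " + ("write" if api.startswith("Write") else "read")
    return ""


def dynamic_resolution(calls: List[Dict]) -> bool:
    """True when LoadLibrary* precedes GetProcAddress in the same record."""
    loaded = False
    for c in calls:
        if c["api"].startswith("LoadLibrary"):
            loaded = True
        elif c["api"] == "GetProcAddress" and loaded:
            return True
    return False


if __name__ == "__main__":
    calls = parse_calls(SAMPLE_CALLS)
    for c in calls:
        print(f"{c['ref']:08X} {c['api']:<28} {annotate(c)}")
    print("dynamic API resolution:", dynamic_resolution(calls))
```

The ShowWindow call with nCmdShow 0 (SW_HIDE) and the SetWindowPos flags 0x27 (SWP_NOSIZE|SWP_NOMOVE|SWP_NOZORDER|SWP_FRAMECHANGED) are ordinary AutoIt GUI plumbing as well as what a hidden-window loader would do, so the decoded names are a reading aid for the analyst, not a verdict on their own.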
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00836C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00836C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00836C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0081AB79,00000000,00000000), ref: 00836C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00836CC7
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 780f68995a420fc87f530a726ea2560e8ced213c43a11e967cd56b0d614489f0
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cc13eff5ecd8b3f539425c4ad777febf6e8636c359830cd13b16de5dc4a87282
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 780f68995a420fc87f530a726ea2560e8ced213c43a11e967cd56b0d614489f0
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B41C535600104BFDB24CF2CCC59FA5BBA4FB89360F145618E895E72A0E371ED62CA90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d29564cfa0b345cc6e7ef46fb7eb10f6a12889b8d686fab0f8552e329032df54
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 7e87fe826e61719935079a9733e308fae1b8d0e7ddfb570f830215a2d2f9c5b6
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d29564cfa0b345cc6e7ef46fb7eb10f6a12889b8d686fab0f8552e329032df54
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C141E232A00204EFCB20DF78C884A6DB7B5EF98714F1585AAE515EB352DA35ED03CB81
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 007B9141
                                                                                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(00000000,?), ref: 007B915E
                                                                                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000001), ref: 007B9183
                                                                                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000002), ref: 007B919D
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 107cf44bc637c85969ab9959ce7d84590b8b4b9524a071c1a93f1e2440d723d9
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8ab2bbab81d7a87957545997201a32ebc7b8788aaaedfa654f846f6d7e8069e0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 107cf44bc637c85969ab9959ce7d84590b8b4b9524a071c1a93f1e2440d723d9
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9415E71A0860EFBDF199F68C848BFEB775FF45320F208219E625A6290C7386954DB91
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetInputState.USER32 ref: 008138CB
                                                                                                                                                                                                                                                                                                                                                                          • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00813922
                                                                                                                                                                                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 0081394B
                                                                                                                                                                                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 00813955
                                                                                                                                                                                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00813966
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6d2969c7b81b73bc97ba1915c2c81f86dd276669531bb291dc9bea5332f0dd2c
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0748676f98165d3e9760b477a4ed8bc6a5b591032ccc3e693b0870101ce8699d
• Opcode Fuzzy Hash: 6d2969c7b81b73bc97ba1915c2c81f86dd276669531bb291dc9bea5332f0dd2c
• Instruction Fuzzy Hash: 34319E709043469EEF258B39984DBE67FACFF06304F040569E46AD25A4E3B4AAC5CB51
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0081C21E,00000000), ref: 0081CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 0081CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,0081C21E,00000000), ref: 0081CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0081C21E,00000000), ref: 0081CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0081C21E,00000000), ref: 0081CFF2
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: ce8dd2011ad6586e150e9656fff630094b48dca2b4a7415f33eb01709052186a
• Instruction ID: 0ac951df261accf00a8382eda1982ee7fb123378735747de08cb1a18ef855498
• Opcode Fuzzy Hash: ce8dd2011ad6586e150e9656fff630094b48dca2b4a7415f33eb01709052186a
• Instruction Fuzzy Hash: E0313A71640205EFDB20DFA5C888AABBBFDFF54354B10442EF516E2140DBB0EE829B60
APIs
• GetWindowRect.USER32(?,?), ref: 00801915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 008019C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 008019C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 008019DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 008019E2
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 1b13650b26294e177ffec63f02344efdf49446d82574e0592d2ddd1a485a999d
• Instruction ID: df67ca649bbecd8c4e88ff667186bc44af95243f390d8c49608b91268d7024ae
• Opcode Fuzzy Hash: 1b13650b26294e177ffec63f02344efdf49446d82574e0592d2ddd1a485a999d
• Instruction Fuzzy Hash: A3318972A00219EFCB00CFA8CD9DAAE3BB5FB45325F504629F921EB2D1C7709944DB90
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00835745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 0083579D
• _wcslen.LIBCMT ref: 008357AF
• _wcslen.LIBCMT ref: 008357BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00835816
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: c33b11b085488f37389363cb0f996faea0f2513eb8cff48e101d09b454cbb287
• Instruction ID: ad71151be817b84cde072bf76da5024c99686c364dbb4244a58f4240d5bcb62c
• Opcode Fuzzy Hash: c33b11b085488f37389363cb0f996faea0f2513eb8cff48e101d09b454cbb287
• Instruction Fuzzy Hash: 7921B671904618DADB208F64DC89AEE7BB8FF84324F10861AF929EB180D7709985CF90
APIs
• IsWindow.USER32(00000000), ref: 00820951
• GetForegroundWindow.USER32 ref: 00820968
• GetDC.USER32(00000000), ref: 008209A4
• GetPixel.GDI32(00000000,?,00000003), ref: 008209B0
• ReleaseDC.USER32(00000000,00000003), ref: 008209E8
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: cdafb8d219af843f09c335f0e644c0cf1682291873134b172f6aeec081c7e906
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9fffbb461ee0639bfe691c0e4c0df37b15f76a7483ea0129c4e6292402326c83
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cdafb8d219af843f09c335f0e644c0cf1682291873134b172f6aeec081c7e906
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E216235A00214AFD704EF69D849A9EBBE9FF89700F04846CE846E7762DB34AC44CB50
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 007DCDC6
                                                                                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007DCDE9
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007D3820: RtlAllocateHeap.NTDLL(00000000,?,00871444,?,007BFDF5,?,?,007AA976,00000010,00871440,007A13FC,?,007A13C6,?,007A1129), ref: 007D3852
                                                                                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007DCE0F
                                                                                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 007DCE22
                                                                                                                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007DCE31
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 24d206b03793523ea3926f093266ddc2ebd7014cb77bd53748c605423c36d944
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b407161bc1fcc19d75df00592b397080aaaf7dfadb0f2f7bbad1b69aac6a87d2
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 24d206b03793523ea3926f093266ddc2ebd7014cb77bd53748c605423c36d944
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE0188B26012167F272216BA6C4CD7FBA7DEEC6BA1315012FF905D7301DA698D01D2B0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007B9693
                                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 007B96A2
                                                                                                                                                                                                                                                                                                                                                                          • BeginPath.GDI32(?), ref: 007B96B9
                                                                                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 007B96E2
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 18c435c6b9580450fe3cd119618d3929eec9f06456ee1ca77c7377ac03f98b68
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 76f440b40f73e539fee6059901dc46fcb1951d24679c3b621c2fc6862b92bd1f
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18c435c6b9580450fe3cd119618d3929eec9f06456ee1ca77c7377ac03f98b68
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D216A31802205EBDF119F28EC1DBE97FB8BB51319F544216F728A65A4D3789892CB90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 02b205093e4ba1a90feebc027e645b40bf8306da759170393b84354089d06f8d
• Instruction ID: 77b62a4b9cb13b98c96565c868c0a4587883e287c92b48c79f1b59bcbab1462b
• Opcode Fuzzy Hash: 02b205093e4ba1a90feebc027e645b40bf8306da759170393b84354089d06f8d
• Instruction Fuzzy Hash: 1B01D2A1681609FAD70851109E82FBB634CFF623A8F404038FE04DA282F628ED109AF1
APIs
• GetLastError.KERNEL32(?,?,?,007CF2DE,007D3863,00871444,?,007BFDF5,?,?,007AA976,00000010,00871440,007A13FC,?,007A13C6), ref: 007D2DFD
• _free.LIBCMT ref: 007D2E32
• _free.LIBCMT ref: 007D2E59
• SetLastError.KERNEL32(00000000,007A1129), ref: 007D2E66
• SetLastError.KERNEL32(00000000,007A1129), ref: 007D2E6F
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: f5de29c34363c9f26d1813f066dd031848ea7151946514f83b340276cf31d3ed
• Instruction ID: f07819c9bd8e96d26c34f4c4600f74889727dc1cafd320578cea7432d87de56f
• Opcode Fuzzy Hash: f5de29c34363c9f26d1813f066dd031848ea7151946514f83b340276cf31d3ed
• Instruction Fuzzy Hash: 0701D132605600AB861227346C4DD2B3779BBE17A6B25482BF465A2393EAACC8034120
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,007FFF41,80070057,?,?,?,0080035E), ref: 0080002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007FFF41,80070057,?,?), ref: 00800046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007FFF41,80070057,?,?), ref: 00800054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007FFF41,80070057,?), ref: 00800064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,007FFF41,80070057,?,?), ref: 00800070
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: bd838f54fa8cf736cb152cc6338e020dc93f410a994ffe7d042b1108762e967c
• Instruction ID: 3aa5c1ec3562c957a1457c5175f7644465c15e7855b33533205e33213b0123ad
• Opcode Fuzzy Hash: bd838f54fa8cf736cb152cc6338e020dc93f410a994ffe7d042b1108762e967c
• Instruction Fuzzy Hash: 3B01A276A00604BFDB504F68DC08BAA7AEDFF84751F144524F905E2250DB71DE408BA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 0080E997
• QueryPerformanceFrequency.KERNEL32(?), ref: 0080E9A5
• Sleep.KERNEL32(00000000), ref: 0080E9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 0080E9B7
• Sleep.KERNEL32 ref: 0080E9F3
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: ee77ad08381c3e5299722a09b94bbbb69ea977f5cf94860916c46a8e47bc53dc
• Instruction ID: 629eaee782201667f42939ea5d53014bc7603672a18355fc751f9c9727e8e2ed
• Opcode Fuzzy Hash: ee77ad08381c3e5299722a09b94bbbb69ea977f5cf94860916c46a8e47bc53dc
• Instruction Fuzzy Hash: 7A015331C0162DDBCF90ABE5DC49AEEBF78FF48301F000946E902F2291CB3496508BA1
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00801114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,00800B9B,?,?,?), ref: 00801120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00800B9B,?,?,?), ref: 0080112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00800B9B,?,?,?), ref: 00801136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0080114D
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 70fd698e81a678c7b7eef4ddd2dfd58f0b838bc850812943e7bebde77c76c4dd
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f64996dd5afd51dc6153852c956f8bf3f1b64be7cdd45eb77a09742a035a78c5
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70fd698e81a678c7b7eef4ddd2dfd58f0b838bc850812943e7bebde77c76c4dd
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF011975200215BFDB155FA9DC4DA6A3B6EFFC93A0B204819FA45E73A0DA31DC009B60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00800FCA
                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00800FD6
                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00800FE5
                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00800FEC
                                                                                                                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00801002
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a8cbb2074a500e40e17fba46bbd9570e830b03bdd769366637ef326d2456d9a7
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fd1e81850e93ebf14f92293905c2319368af38e1ba4af2f22f196a50a126a699
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8cbb2074a500e40e17fba46bbd9570e830b03bdd769366637ef326d2456d9a7
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6F04935200701ABDB225FA49C4DF5A3BADFFC9B62F104814FA85E7291CA70DC508B60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0080102A
                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00801036
                                                                                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00801045
                                                                                                                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0080104C
                                                                                                                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00801062
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5fe5ed012c444bcf314a369522a2a9736617417c52cb238fa8260b1fde8adb85
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6a81b7bb5374110de904b5b90d7f81d92ab238b7e979b6878c2afb28a1454a75
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fe5ed012c444bcf314a369522a2a9736617417c52cb238fa8260b1fde8adb85
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBF06D35200701EBDB219FA4EC5DF5A3BADFFC9761F100814FA85E72A0CA70D8508B60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0081017D,?,008132FC,?,00000001,007E2592,?), ref: 00810324
                                                                                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0081017D,?,008132FC,?,00000001,007E2592,?), ref: 00810331
• CloseHandle.KERNEL32(?,?,?,?,0081017D,?,008132FC,?,00000001,007E2592,?), ref: 0081033E
• CloseHandle.KERNEL32(?,?,?,?,0081017D,?,008132FC,?,00000001,007E2592,?), ref: 0081034B
• CloseHandle.KERNEL32(?,?,?,?,0081017D,?,008132FC,?,00000001,007E2592,?), ref: 00810358
• CloseHandle.KERNEL32(?,?,?,?,0081017D,?,008132FC,?,00000001,007E2592,?), ref: 00810365
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: c37e0de68720365227777f9b5fae3d2ea6feb07113cabce5e512154df01d8bab
• Instruction ID: 392d8db20ab942da6aa116c65e53bc02850035ed11bb4b7183da77f3bdbfd40a
• Opcode Fuzzy Hash: c37e0de68720365227777f9b5fae3d2ea6feb07113cabce5e512154df01d8bab
• Instruction Fuzzy Hash: 27019072800B159FC730AF66DC80452F7F9FE502153158A3ED1A692A31C3B1A995DF80
APIs
• _free.LIBCMT ref: 007DD752
  • Part of subcall function 007D29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000), ref: 007D29DE
  • Part of subcall function 007D29C8: GetLastError.KERNEL32(00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000,00000000), ref: 007D29F0
• _free.LIBCMT ref: 007DD764
• _free.LIBCMT ref: 007DD776
• _free.LIBCMT ref: 007DD788
• _free.LIBCMT ref: 007DD79A
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 2fba32b8e8ab49892f7272fa5bf929421643b3f948cc5374f55b5fb98b09f8fc
• Instruction ID: 08fda04505eabaf7c10b5cb2c8d1423d2563096cb9230c6acb992a719ec342a9
• Opcode Fuzzy Hash: 2fba32b8e8ab49892f7272fa5bf929421643b3f948cc5374f55b5fb98b09f8fc
• Instruction Fuzzy Hash: 1CF01232544204AB8635EB64F9C6C267BFDBB54760B951847F098E7712C778FC818A64
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00805C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00805C6F
• MessageBeep.USER32(00000000), ref: 00805C87
• KillTimer.USER32(?,0000040A), ref: 00805CA3
• EndDialog.USER32(?,00000001), ref: 00805CBD
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 5ef9e438a6102be5b6487b5ac15fc5a56deb9f1933ec9bc8de45bb68b39f0c16
• Instruction ID: cb19dd7e0f436beec5815620d4eae1d7d3edf20808860e649616bc5ee252db69
• Opcode Fuzzy Hash: 5ef9e438a6102be5b6487b5ac15fc5a56deb9f1933ec9bc8de45bb68b39f0c16
• Instruction Fuzzy Hash: E3014B71500B04ABFB215B50DE4EFA67BA8FB50B05F041A5DA582A10E1EBB4A9848FA0
APIs
• _free.LIBCMT ref: 007D22BE
  • Part of subcall function 007D29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000), ref: 007D29DE
  • Part of subcall function 007D29C8: GetLastError.KERNEL32(00000000,?,007DD7D1,00000000,00000000,00000000,00000000,?,007DD7F8,00000000,00000007,00000000,?,007DDBF5,00000000,00000000), ref: 007D29F0
• _free.LIBCMT ref: 007D22D0
• _free.LIBCMT ref: 007D22E3
• _free.LIBCMT ref: 007D22F4
• _free.LIBCMT ref: 007D2305
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 37fb1b28c896834bc84c4939fab231e92258d90d91de10e2c58a86842b5b83b1
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 8483706842c18a67732add5bf24e3af25d56a61660d1af109c6144da9e029b0b
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37fb1b28c896834bc84c4939fab231e92258d90d91de10e2c58a86842b5b83b1
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CF03070420110CB8A22AF68BC1D8183B74F728750702051BF418E33BBCB78A493BFA4
APIs
• EndPath.GDI32(?), ref: 007B95D4
• StrokeAndFillPath.GDI32(?,?,007F71F7,00000000,?,?,?), ref: 007B95F0
• SelectObject.GDI32(?,00000000), ref: 007B9603
• DeleteObject.GDI32 ref: 007B9616
• StrokePath.GDI32(?), ref: 007B9631
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: 4a60466fb259ceb3a150cd86b6d469fc4f1a1bda26cd77b16b6be3d15b29b141
• Instruction ID: df8da573f605797fe80f438fb3895128454535cfd17b2f04cba0b3915ccb7e64
• Opcode Fuzzy Hash: 4a60466fb259ceb3a150cd86b6d469fc4f1a1bda26cd77b16b6be3d15b29b141
• Instruction Fuzzy Hash: E2F03731006648EBDB265F69ED1CBA83F61BB42326F448214F729694F4D73489A2DF20
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: 9692ec022c2e15b8b94de5dd5aba5047b98afe7c373edf2c2be60a5e42cfee5b
• Instruction ID: 0c6ef45c1912b0979cdd7cc0ad187844baabcd932519e66b19a017862901f604
• Opcode Fuzzy Hash: 9692ec022c2e15b8b94de5dd5aba5047b98afe7c373edf2c2be60a5e42cfee5b
• Instruction Fuzzy Hash: 22D1F731A00206EADB289F68C855BFEB7B1FF06300FA8415BE545AB751D37D9D80CB91
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007C0242: EnterCriticalSection.KERNEL32(0087070C,00871884,?,?,007B198B,00872518,?,?,?,007A12F9,00000000), ref: 007C024D
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007C0242: LeaveCriticalSection.KERNEL32(0087070C,?,007B198B,00872518,?,?,?,007A12F9,00000000), ref: 007C028A
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007C00A3: __onexit.LIBCMT ref: 007C00A9
                                                                                                                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00827BFB
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007C01F8: EnterCriticalSection.KERNEL32(0087070C,?,?,007B8747,00872514), ref: 007C0202
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007C01F8: LeaveCriticalSection.KERNEL32(0087070C,?,007B8747,00872514), ref: 007C0235
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: 5$G$Variable must be of type 'Object'.
• API String ID: 535116098-3733170431
• Opcode ID: 256ccc21cf05f18476abc7161e0f727adb0614e5f074e06a31c8832e30719426
• Instruction ID: 8729d0e89c78fc6c00221f51ff2b814ed362dd5f4a544f497b714c4817e665b9
• Opcode Fuzzy Hash: 256ccc21cf05f18476abc7161e0f727adb0614e5f074e06a31c8832e30719426
• Instruction Fuzzy Hash: 17919D70A04219EFCB14EF99E894DADB7B1FF45304F108059F806EB292DB35AE81CB52
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID: JOz
• API String ID: 0-1165826796
• Opcode ID: c7408128bd67e2f70dc4a7b8c23c8f4871e64f4dd69be1f6c50fab6d311d47cf
• Instruction ID: 1b5c21999c6e2dff41cd5564d0602622e9b2b0158b43ba138286eec1193256a5
• Opcode Fuzzy Hash: c7408128bd67e2f70dc4a7b8c23c8f4871e64f4dd69be1f6c50fab6d311d47cf
• Instruction Fuzzy Hash: DC51EFB1D1060AEFDB219FA4C949FAEBFB8AF45310F14001BF409A7391D7799901DB61
APIs
• MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 007D8B6E
• GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 007D8B7A
• __dosmaperr.LIBCMT ref: 007D8B81
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWide__dosmaperr
• String ID: .|
• API String ID: 2434981716-4027933657
• Opcode ID: baff34f6fefed34c62195136145e07aeb0b27dfa9f3852a2b652a29cb8356a9d
• Instruction ID: bd1f7c8019f1c80b94aef5b3458377be1c3d61107d95e9b8f92977a62179b8a9
• Opcode Fuzzy Hash: baff34f6fefed34c62195136145e07aeb0b27dfa9f3852a2b652a29cb8356a9d
• Instruction Fuzzy Hash: 71417CF0604185AFCB659F28C885A7D7FB5EB85304B28819FF89487352DE39CC029751
APIs
  • Part of subcall function 0080B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008021D0,?,?,00000034,00000800,?,00000034), ref: 0080B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00802760
  • Part of subcall function 0080B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008021FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0080B3F8
  • Part of subcall function 0080B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0080B355
  • Part of subcall function 0080B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00802194,00000034,?,?,00001004,00000000,00000000), ref: 0080B365
  • Part of subcall function 0080B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00802194,00000034,?,?,00001004,00000000,00000000), ref: 0080B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008027CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0080281A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
• Opcode ID: 899b553855a579c66fc0792cd15b44405e259118b325ea5bf192a754470a1700
• Instruction ID: dd44ce169c49eba0eb0d89d066f58ad512912456126dce211f1ceb8c55694f56
• Opcode Fuzzy Hash: 899b553855a579c66fc0792cd15b44405e259118b325ea5bf192a754470a1700
• Instruction Fuzzy Hash: 40412F76900218AFDB50DFA8CD46ADEBBB8FF49700F104059FA55B7181DB706E45CB61

APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\rpDOUhuBC5.exe,00000104), ref: 007D1769
• _free.LIBCMT ref: 007D1834
• _free.LIBCMT ref: 007D183E
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\rpDOUhuBC5.exe
• API String ID: 2506810119-3615877580
• Opcode ID: 38e24908982e14b6f47f550595bed69e19bdbb456b18c74554c1aca6ffd4d828
• Instruction ID: 64e0bacaf1dac5c4d5a2291f037d4aab207d114f1c006ef7425b8d7a7093e7b3
• Opcode Fuzzy Hash: 38e24908982e14b6f47f550595bed69e19bdbb456b18c74554c1aca6ffd4d828
• Instruction Fuzzy Hash: 2A318071A00218FFDB21DB99D889D9EBBFCEB95320B54416BF404D7322D6748E41DB90

APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0080C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 0080C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00871990,01665D18), ref: 0080C395
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 2b22b5edf260241bd5aa35e578f8ed30eafbf7ea6beecf4327e1a4f17497c48d
• Instruction ID: efd395b9cfad11ebd4ea317ea7155126ac912f117cd32f783ac8cc5289db4f07
• Opcode Fuzzy Hash: 2b22b5edf260241bd5aa35e578f8ed30eafbf7ea6beecf4327e1a4f17497c48d
• Instruction Fuzzy Hash: F04158312043019BDB609F29DC85B5ABBA8FB85324F158B1EE9A5D73D2D730A904CB62

APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0083CC08,00000000,?,?,?,?), ref: 008344AA
• GetWindowLongW.USER32 ref: 008344C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 008344D7
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: 4207300048b8e4e6b8b19053882da21956f41b8587b53680c1360b79e8137336
• Instruction ID: e6df3e0e2cf2736b32d64e0532672b3bf3dec66dbd44d2c8e7132d9b2cfbf0bc
• Opcode Fuzzy Hash: 4207300048b8e4e6b8b19053882da21956f41b8587b53680c1360b79e8137336
• Instruction Fuzzy Hash: 3E317C32211205ABDF209E38DC45BEA7BA9FB89324F205725F975E21D1D774EC509790
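
Added example, not part of this Joe Sandbox report and not Joe Sandbox code: a small Python parser for the per-function records shown above (the "APIs" list plus the "Memory Dump Source" and "Similarity" fields), with a cross-report comparison on the Instruction Fuzzy Hash, which is what the Similarity fields are for. REPORT_A is constructed from the records on this page with shortened API lists; REPORT_B, its call addresses and its all-zero hash are hypothetical, made up only to show a shared function being detected. A record with no Similarity block (as the Winsock function above, whose fields are not on this page) is handled as an edge case.

```python
"""Parse Joe Sandbox per-function metadata and compare reports by fuzzy hash."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed input in the shape of the records above (API lists shortened);
# the last record carries APIs only, as it has no Similarity block here.
REPORT_A = r"""
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\rpDOUhuBC5.exe,00000104), ref: 007D1769
• _free.LIBCMT ref: 007D1834
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\rpDOUhuBC5.exe
• Instruction Fuzzy Hash: 2A318071A00218FFDB21DB99D889D9EBBFCEB95320B54416BF404D7322D6748E41DB90
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0080C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 0080C34C
Similarity
• API ID: Menu$Delete$InfoItem
• Instruction Fuzzy Hash: F04158312043019BDB609F29DC85B5ABBA8FB85324F158B1EE9A5D73D2D730A904CB62
APIs
  • Part of subcall function 0082335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00823077,?,?), ref: 00823378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0082307A
• htons.WSOCK32(00000000,?,?,00000000), ref: 00823106
"""
# Hypothetical second report: its first record reuses the menu function's
# hash; the call addresses and the all-zero hash are made up.
REPORT_B = r"""
APIs
• DeleteMenu.USER32(?,00000007,00000000), ref: 00401000
Similarity
• Instruction Fuzzy Hash: F04158312043019BDB609F29DC85B5ABBA8FB85324F158B1EE9A5D73D2D730A904CB62
APIs
• Sleep.KERNEL32(000003E8), ref: 00401050
Similarity
• Instruction Fuzzy Hash: 0000000000000000000000000000000000000000000000000000000000000000000000
"""

API_RE = re.compile(r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
                    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]+)$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+): (?P<val>.*)$")
SECTIONS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: int                       # call-site address
    subcall_of: int | None = None  # set for "Part of subcall function" lines


@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    fields: dict[str, str] = field(default_factory=dict)  # source + Similarity fields

    @property
    def api_names(self) -> set[str]:
        return {c.name for c in self.apis}

    @property
    def fuzzy_hash(self) -> str | None:
        return self.fields.get("Instruction Fuzzy Hash")


def parse_records(text: str) -> list[FunctionRecord]:
    """One FunctionRecord per 'APIs' header; bullets go to the section that is open."""
    records: list[FunctionRecord] = []
    current, section = None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            section = line
        elif line in SECTIONS:
            section = line
        elif current is None:
            continue
        elif section == "APIs" and (m := API_RE.match(line)):
            args = m["args"].split(",") if m["args"] else []
            sub = int(m["sub"], 16) if m["sub"] else None
            current.apis.append(ApiCall(m["name"], m["mod"], args, int(m["ref"], 16), sub))
        elif section != "APIs" and (m := KV_RE.match(line)):
            current.fields[m["key"].strip()] = m["val"].strip()
    return records


def shared_functions(a: list[FunctionRecord], b: list[FunctionRecord]) -> list[str]:
    """Instruction Fuzzy Hashes found in both reports, i.e. functions the samples share."""
    hashes_a = {r.fuzzy_hash for r in a if r.fuzzy_hash}
    hashes_b = {r.fuzzy_hash for r in b if r.fuzzy_hash}
    return sorted(hashes_a & hashes_b)


def functions_using_module(records: list[FunctionRecord], module: str) -> list[FunctionRecord]:
    """Records that call into one module, e.g. WSOCK32 to find the Winsock code."""
    return [r for r in records if any(c.module == module for c in r.apis)]
```

Matching on the Instruction Fuzzy Hash rather than the Opcode ID is the useful choice when comparing samples from different builds: the fuzzy hash tolerates small differences in operands and addresses, while the Opcode ID only matches byte-identical functions. Records without a Similarity block are simply skipped by the comparison but still show up in the module-based search.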

APIs
  • Part of subcall function 0082335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00823077,?,?), ref: 00823378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0082307A
• _wcslen.LIBCMT ref: 0082309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 00823106
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                                          • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 6f32885dcb5730a39f49fb7622dc33bf7098f9f8b6df9526f2ffe85ec9fb8690
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 46939fa49888124f35e918ebded33cc4838c405915ea57a077aebd06c10d348c
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f32885dcb5730a39f49fb7622dc33bf7098f9f8b6df9526f2ffe85ec9fb8690
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE31CF352002259FCB10CF68D496EAA77A0FF54318F248459E915CB392DB3AEE81C760
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00833F40
                                                                                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00833F54
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00833F78
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                                                                                          • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5945d86bd28e838b95d0b5bcbc954881d44e2cbd3801bd7d9b36471e2206eac8
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9f6d7c5d0f481b1f7222b9889011a346741eade145bbba97c4021d8876ff3fa6
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5945d86bd28e838b95d0b5bcbc954881d44e2cbd3801bd7d9b36471e2206eac8
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85219F32600219BFDF219F54DC46FEA3B75FB88714F110214FA15BB1D0DAB5A9908B90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00834705
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00834713
                                                                                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0083471A
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 37198e0f94305f309dfb94ce31169c441aedf590a097a65331fb598fd253dc37
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 32b6ec40eaa041382d4a873b58a7ef7f32bfe800b5ce71671aee14f97b8a3389
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37198e0f94305f309dfb94ce31169c441aedf590a097a65331fb598fd253dc37
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F217CB5600208AFEB10DF68DC85DA737ADFB9A394B040449FA05DB251DB34FC51CAA0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: 4f009fc02594c6c45204dce255d6051a7d5a541235e1cc0b9916aebc626dd15e
• Instruction ID: 0c70a4428e59a73753d0608cf948d9afbe7c7fb5659f63ce12bfb71a634378f9
• Opcode Fuzzy Hash: 4f009fc02594c6c45204dce255d6051a7d5a541235e1cc0b9916aebc626dd15e
• Instruction Fuzzy Hash: F2213872104511A6C371AB259C06FB77398FFA1314F10402AF9EAD71C3EB5AAD41C2D5
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00833840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00833850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00833876
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: f8d69c36223ba6ec1bf3e82b34209eb848924d53dbaac2c2dbe411fae47704ca
• Instruction ID: 3e2e0c0198b54d4288147f0c820ca9e1419a969bc5b79471a2ca9de1ec59443d
• Opcode Fuzzy Hash: f8d69c36223ba6ec1bf3e82b34209eb848924d53dbaac2c2dbe411fae47704ca
• Instruction Fuzzy Hash: B9218E72610218BBEF219F54DC85EAB376AFFC9764F118124F914AB190C675DC5287E0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00814A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00814A5C
• SetErrorMode.KERNEL32(00000000,?,?,0083CC08), ref: 00814AD0
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: e8ba15cba2cd92f7a737d6254b18a062e10ca57d0260783a01f07fa00acec483
• Instruction ID: 0a95ee86b78947254fed94cee6474013be105be4b0ac4ba971288358f4d0017b
• Opcode Fuzzy Hash: e8ba15cba2cd92f7a737d6254b18a062e10ca57d0260783a01f07fa00acec483
• Instruction Fuzzy Hash: 5B318E75A00118AFDB10DF64C885EAABBF8FF49308F1480A4F909EB252D775EE45CB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0083424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00834264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00834271
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 00f4de0a28cca5f55bdd0ede8e3b42935b70da930d2593f266e46659dc1a485e
• Instruction ID: f75e5e2a8d6b8bd757a0059821e96309b9242473bb82db37004a8de1ec07a810
• Opcode Fuzzy Hash: 00f4de0a28cca5f55bdd0ede8e3b42935b70da930d2593f266e46659dc1a485e
• Instruction Fuzzy Hash: 0711A331240248BEEF205E69CC06FAB3BACFFD5B54F110524FA55E61A0D671E8519B50
APIs
  • Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
  • Part of subcall function 00802DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00802DC5
  • Part of subcall function 00802DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00802DD6
  • Part of subcall function 00802DA7: GetCurrentThreadId.KERNEL32 ref: 00802DDD
  • Part of subcall function 00802DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00802DE4
• GetFocus.USER32 ref: 00802F78
  • Part of subcall function 00802DEE: GetParent.USER32(00000000), ref: 00802DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00802FC3
• EnumChildWindows.USER32(?,0080303B), ref: 00802FEB
Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 390bf79c2247bf9f36fe90dd95c55bbce868ed6e892dfefdd96c7d1b71169810
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0db5e1497ac0ff74fde918d9b5b9a82a709431a7e5d38440d5849b4f2792d1c8
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 390bf79c2247bf9f36fe90dd95c55bbce868ed6e892dfefdd96c7d1b71169810
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F011C0B1200209ABDF417F648C8AEEE776AFF95304F044079BD09EB292EE749D058B70
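The API sequence in the function listed above (GetWindowThreadProcessId, GetCurrentThreadId, AttachThreadInput, then GetFocus, followed by GetClassNameW and EnumChildWindows together with the %s%d format string) is the standard Win32 way to read the focused control of a window owned by another thread and to name that control by class name plus instance number. Given that the report classifies the sample as a compiled AutoIt script, this is consistent with the AutoIt runtime's control-lookup support rather than being malicious on its own; that attribution is an inference by the editor, not something the report states. The script below is an added triage helper, not part of the Joe Sandbox report or of the sample: it parses function-listing lines in the format used on this page (the nine bullets above are embedded as constructed input), records which subcall function makes each call, flags this focus-lookup chain, and decodes the SendMessageTimeoutW arguments (message 0 is WM_NULL, flag 0x2 is SMTO_ABORTIFHUNG, 0x1388 is 5000 ms, the usual responsiveness probe before attaching input). All function and constant names are the editor's own.

```python
"""Triage helper for Joe Sandbox per-function API listings.

Added example, not part of the Joe Sandbox report or of the analysed sample.
It parses the bullet lines the report uses for a function's API calls, keeps
track of which subcall function made each call, and flags the Win32 chain
that reads the focused control of a foreign window.
"""
import re
from collections import defaultdict

# Constructed input: the API bullets of the function block above, copied in
# the format the report renders (direct calls and "Part of subcall" lines).
SAMPLE_LISTING = """\
• Part of subcall function 007A6B57: _wcslen.LIBCMT ref: 007A6B6A
• Part of subcall function 00802DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00802DC5
• Part of subcall function 00802DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00802DD6
• Part of subcall function 00802DA7: GetCurrentThreadId.KERNEL32 ref: 00802DDD
• Part of subcall function 00802DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00802DE4
• GetFocus.USER32 ref: 00802F78
• Part of subcall function 00802DEE: GetParent.USER32(00000000), ref: 00802DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00802FC3
• EnumChildWindows.USER32(?,0080303B), ref: 00802FEB
"""

# One report bullet: optional subcall prefix, API.MODULE, optional (args), ref: ADDR
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# The calls that together mean "attach to the foreign UI thread and read
# its focused control"; GetClassNameW/EnumChildWindows then name the control.
FOCUS_CHAIN = {"GetWindowThreadProcessId", "GetCurrentThreadId",
               "AttachThreadInput", "GetFocus"}

SMTO_ABORTIFHUNG = 0x0002  # SendMessageTimeout flag: give up if the target hangs


def parse_api_listing(text):
    """Return one dict per bullet: api, module, args (None if not shown),
    ref (call-site address) and subcall (None for calls made directly)."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headings such as "Strings" or non-API bullets
        calls.append({
            "api": m.group("api"),
            "module": m.group("mod"),
            "args": m.group("args"),
            "ref": m.group("ref"),
            "subcall": m.group("sub"),
        })
    return calls


def group_by_function(calls):
    """Map each subcall address ("direct" for the function itself) to the
    list of APIs it calls, preserving listing order."""
    by_fn = defaultdict(list)
    for c in calls:
        by_fn[c["subcall"] or "direct"].append(c["api"])
    return dict(by_fn)


def flag_focus_chain(calls):
    """Return (complete, matched): complete is True when every API of the
    focus-lookup chain is present; matched maps each found API to the
    function that makes the call."""
    matched = {c["api"]: (c["subcall"] or "direct")
               for c in calls if c["api"] in FOCUS_CHAIN}
    return FOCUS_CHAIN <= matched.keys(), matched


def _hex(slot):
    """Decode a listed stack slot; '?' means the value was not recoverable."""
    return None if slot.strip() == "?" else int(slot, 16)


def decode_send_message_timeout(args):
    """Decode the Msg, fuFlags and uTimeout slots of a SendMessageTimeoutW
    call as listed (hWnd, Msg, wParam, lParam, fuFlags, uTimeout, lpdwResult)."""
    slots = args.split(",")
    msg, flags, timeout = _hex(slots[1]), _hex(slots[4]), _hex(slots[5])
    return {
        "msg": "WM_NULL" if msg == 0 else msg,
        "abort_if_hung": None if flags is None else bool(flags & SMTO_ABORTIFHUNG),
        "timeout_ms": timeout,
    }


if __name__ == "__main__":
    calls = parse_api_listing(SAMPLE_LISTING)
    print(group_by_function(calls))
    print(flag_focus_chain(calls))
    print(decode_send_message_timeout(calls[1]["args"]))
```

The chain check is deliberately a set test rather than an ordered one: the report lists direct calls and subcall calls in address order, not execution order, so ordering is not reliable evidence here. Treat a hit as "this function reads another window's focused control", which is benign for an automation runtime and only interesting in combination with the clipboard and keystroke signatures flagged elsewhere in the report.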
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008358C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008358EE
• DrawMenuBar.USER32(?), ref: 008358FD
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 5fe52aaf6a338b52b3ba85eb9e9f1105e48ecfa74d74c0d02e19b950ef55a7b0
• Instruction ID: d4f86494f690da02e57cf64c79b98db37795741e3228b94e7e144a5730710ec0
• Opcode Fuzzy Hash: 5fe52aaf6a338b52b3ba85eb9e9f1105e48ecfa74d74c0d02e19b950ef55a7b0
• Instruction Fuzzy Hash: 10016D71500218EFDB219F11EC49BEEBBB4FB85760F108099E849E6151DB348A94DF61
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c817d178eca02abc80acad05a9075ce180ae0d053828e05e558619ee9f43699
• Instruction ID: 8cf3e29ef6e1611b47c588f12d4a6cbcc758ee4b3687665e562cd4036fd4cb51
• Opcode Fuzzy Hash: 7c817d178eca02abc80acad05a9075ce180ae0d053828e05e558619ee9f43699
• Instruction Fuzzy Hash: 42C12875A0020AEFDB55CFA4C894BAEB7B5FF48704F218598E505EB291D731EE41CB90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: c33007a7e6a59bd2ff00800b9e3a5c67d8cfc52a84a5c9a268f851d660c8f4f6
• Instruction ID: 6abf0f902ae076a554c53a5f93ed9631ed34f5abfdb775f58b0cb2a6904cd0d1
• Opcode Fuzzy Hash: c33007a7e6a59bd2ff00800b9e3a5c67d8cfc52a84a5c9a268f851d660c8f4f6
• Instruction Fuzzy Hash: 29A17B75604210DFC700EF28C895A2AB7E5FF89714F048959F98ADB362DB34EE41CB92
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0083FC08,?), ref: 008005F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0083FC08,?), ref: 00800608
• CLSIDFromProgID.OLE32(?,?,00000000,0083CC40,000000FF,?,00000000,00000800,00000000,?,0083FC08,?), ref: 0080062D
• _memcmp.LIBVCRUNTIME ref: 0080064E
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: 32131ceaa523a403bf2e8803d61106e8a667e61b89208e506a7bec1d7d537722
• Instruction ID: f56954ea7483c7bc8806806e77d38d63cfe349bc4cccf2db9ab359732d5e70e9
• Opcode Fuzzy Hash: 32131ceaa523a403bf2e8803d61106e8a667e61b89208e506a7bec1d7d537722
• Instruction Fuzzy Hash: 0881C875A00209EFCB44DF94C984EAEB7B9FF89315F204558E516EB290DB71AE06CF60
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0082A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 0082A6BA
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
• Process32NextW.KERNEL32(00000000,?), ref: 0082A79C
• CloseHandle.KERNEL32(00000000), ref: 0082A7AB
  • Part of subcall function 007BCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,007E3303,?), ref: 007BCE8A
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: 108c69eb5bcc84c639bf2ae61a84d946e9f3a8b943f85ed51f9064fa635f5bdc
• Instruction ID: a8ec6c56f0ad71964e54023a02ab14ea21ce20ecdedd624ccee5736474e70f1e
• Opcode Fuzzy Hash: 108c69eb5bcc84c639bf2ae61a84d946e9f3a8b943f85ed51f9064fa635f5bdc
• Instruction Fuzzy Hash: 30511A71508310AFD714EF24D88AA6BBBE8FFC9754F048A2DF58597251EB34D904CB92
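The record above is a Toolhelp32 process-enumeration loop (CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, CloseHandle) whose loop body, via the subcall at 007BCE60, calls CompareStringW with Locale 0x0409 (en-US) and dwCmpFlags 0x1 (NORM_IGNORECASE), i.e. it walks the process list and compares each image name case-insensitively against something. Enumerating processes by name is a routine building block of analysis-tool and sandbox checks, so it is worth pulling out of a report automatically. The following Python helper is an added triage example, not Joe Sandbox code and not the sample's code: it parses the plugin's "APIs" bullet format (the three records from this page, embedded as constructed input), groups calls per function including those attributed to subcalls, and flags any function that combines the snapshot/First/Next chain with a string-compare routine, decoding the CompareStringW locale and flag constants where the plugin recovered them. The function names, the NAME_COMPARE set and the record grouping are my own choices; the flag values are the winnls.h constants.

```python
"""Parse Joe Sandbox 'APIs' function records and flag the Toolhelp32
process-enumeration-plus-name-compare chain.  Added triage example for this
report; not Joe Sandbox code and not the analysed sample's code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed input: the three "APIs" records from the function listing above,
# copied verbatim in the plugin's bullet format.
SAMPLE_RECORDS = """\
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0083FC08,?), ref: 008005F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0083FC08,?), ref: 00800608
• CLSIDFromProgID.OLE32(?,?,00000000,0083CC40,000000FF,?,00000000,00000800,00000000,?,0083FC08,?), ref: 0080062D
• _memcmp.LIBVCRUNTIME ref: 0080064E
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0082A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 0082A6BA
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
• Process32NextW.KERNEL32(00000000,?), ref: 0082A79C
• CloseHandle.KERNEL32(00000000), ref: 0082A7AB
  • Part of subcall function 007BCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,007E3303,?), ref: 007BCE8A
APIs
• GetWindowRect.USER32(?,?), ref: 008362E2
• ScreenToClient.USER32(?,?), ref: 00836315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00836382
"""

# One bullet: optional "Part of subcall function <addr>:" prefix, then
# Name.MODULE, optional (args), and the call-site address after "ref:".
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# dwCmpFlags bits of CompareStringW (winnls.h values).
COMPARE_FLAGS = {
    0x00000001: "NORM_IGNORECASE",
    0x00000002: "NORM_IGNORENONSPACE",
    0x00000004: "NORM_IGNORESYMBOLS",
    0x00000010: "LINGUISTIC_IGNORECASE",
    0x00010000: "NORM_IGNOREKANATYPE",
    0x00020000: "NORM_IGNOREWIDTH",
}

ENUM_START = {"CreateToolhelp32Snapshot"}
ENUM_FIRST = {"Process32First", "Process32FirstW"}
ENUM_NEXT = {"Process32Next", "Process32NextW"}
# Routines a loop body typically uses to match a process name (my own set).
NAME_COMPARE = {"CompareStringW", "CompareStringA", "lstrcmpiW", "lstrcmpW",
                "_wcsicmp", "_wcsnicmp", "_wcscmp", "_memcmp"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]          # raw hex / "?" tokens as printed by the plugin
    ref: str                 # call-site address
    subcall: Optional[str]   # enclosing subroutine when the plugin nests the call


def parse_records(text: str) -> List[List[ApiCall]]:
    """Each 'APIs' header opens one record (one analysed function)."""
    records: List[List[ApiCall]] = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            records.append([])
            continue
        m = API_LINE.search(line)
        if m and records:
            raw = m.group("args")
            records[-1].append(ApiCall(m.group("name"), m.group("module"),
                                       raw.split(",") if raw else [],
                                       m.group("ref"), m.group("sub")))
    return records


def decode_compare_flags(value: int) -> List[str]:
    return [name for bit, name in COMPARE_FLAGS.items() if value & bit]


def find_process_enum_chain(record: List[ApiCall]) -> Optional[Dict]:
    """Snapshot + First + Next in one function, plus any name-compare routine
    (subcall entries count, since the plugin lists them in the same record)."""
    names = {c.name for c in record}
    if not (names & ENUM_START and names & ENUM_FIRST and names & ENUM_NEXT):
        return None
    compare = next((c for c in record if c.name in NAME_COMPARE), None)
    finding: Dict = {
        "snapshot_ref": next(c.ref for c in record if c.name in ENUM_START),
        "compare_api": compare.name if compare else None,
        "compare_ref": compare.ref if compare else None,
        "locale": None,
        "ignore_case": False,
    }
    # CompareStringA/W(Locale, dwCmpFlags, ...): decode the two leading
    # arguments when the plugin recovered them as constants rather than "?".
    if compare and compare.name.startswith("CompareString") and len(compare.args) >= 2:
        lcid, flags = compare.args[0], compare.args[1]
        if lcid != "?":
            finding["locale"] = int(lcid, 16)
        if flags != "?":
            finding["ignore_case"] = "NORM_IGNORECASE" in decode_compare_flags(int(flags, 16))
    return finding


def triage(text: str) -> List[Tuple[int, Dict]]:
    """Return (record index, finding) for every record carrying the chain."""
    hits = []
    for i, record in enumerate(parse_records(text)):
        finding = find_process_enum_chain(record)
        if finding:
            hits.append((i, finding))
    return hits


if __name__ == "__main__":
    for idx, f in triage(SAMPLE_RECORDS):
        print(f"record {idx}: snapshot at {f['snapshot_ref']}, compare via "
              f"{f['compare_api']} at {f['compare_ref']}, LCID={f['locale']}, "
              f"ignore_case={f['ignore_case']}")
```

Run against the embedded records it reports only the second one (snapshot at 0082A6AC, CompareStringW at 007BCE8A, LCID 1033, ignore_case True); the COM ProgID round-trip and the window-geometry function are left alone. Arguments the plugin could not recover stay as "?", so the decoder only trusts constants that were actually observed, and the match is on API names within one function, so a loop that hides the compare behind a further level of subcalls the plugin did not expand will not be flagged.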
APIs
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 790d192cdb6849f30892b05d9b212120d581718fbad49b88dc415ebda6748ccd
• Instruction ID: d266112d4457a779b37b3eaa8fb8dafc65c0dac5e3acc34a6dc72a6cb49d8d0d
• Opcode Fuzzy Hash: 790d192cdb6849f30892b05d9b212120d581718fbad49b88dc415ebda6748ccd
• Instruction Fuzzy Hash: 80410A316015D0EBDB216BBA8C4BAAE3BB5FF4B370F54422AF419D63D2E63C48419661
APIs
• GetWindowRect.USER32(?,?), ref: 008362E2
• ScreenToClient.USER32(?,?), ref: 00836315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00836382
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 39caae0c38500147f70033dc0bc34c18f635c57ab14fb64c38dede0101a73a2b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: a6ac4d7132928dc8280c19aa0530268f276d223a40412ca0356913640870b6a9
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39caae0c38500147f70033dc0bc34c18f635c57ab14fb64c38dede0101a73a2b
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE513A75A00209EFCF10DF68D884AAE7BB5FB85360F108259F915DB2A0E730ED91CB90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000002,00000011), ref: 00821AFD
                                                                                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00821B0B
                                                                                                                                                                                                                                                                                                                                                                          • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00821B8A
                                                                                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00821B94
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2721f872bc0fb01f03280d53f76092be74007478fac8a4a217819d842a6c1e76
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: eceb16c66c486d899d6a6eb60eff52676e671a8543a0e85220501c6a5cd7ef84
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2721f872bc0fb01f03280d53f76092be74007478fac8a4a217819d842a6c1e76
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8841D234600210AFEB20AF24D88AF2A77E5EB85718F548558F91A9F3D3D776DD81CB90
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: a1fe1e24490893cc73a0281c97e36bb200f342e081625e88cd5d468fedaca0db
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: cd7660c5582b220e567692f8e11c14d920d1f09289b0d9464ba1518f9f604f4a
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1fe1e24490893cc73a0281c97e36bb200f342e081625e88cd5d468fedaca0db
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB41D372A00244EFD724DF78C845B6ABBB9EB88710F11452FF141DB382D77999018790
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00815783
                                                                                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 008157A9
                                                                                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008157CE
                                                                                                                                                                                                                                                                                                                                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008157FA
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9f66cf7417a5972beafed83318ad400ac8e1715cffaaa4ca6493a0e562d8ae0e
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 333e66dbac2febe6a7ff1b366de371bbad06ccd7676551760b73bf4bb9bdb522
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f66cf7417a5972beafed83318ad400ac8e1715cffaaa4ca6493a0e562d8ae0e
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7411D35600610DFCB15EF15C545A5EBBE6FFC9320B198898E84AAB362CB34FD40CB91
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,?,007C6D71,00000000,00000000,007C82D9,?,007C82D9,?,00000001,007C6D71,?,00000001,007C82D9,007C82D9), ref: 007DD910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007DD999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 007DD9AB
• __freea.LIBCMT ref: 007DD9B4
  • Part of subcall function 007D3820: RtlAllocateHeap.NTDLL(00000000,?,00871444,?,007BFDF5,?,?,007AA976,00000010,00871440,007A13FC,?,007A13C6,?,007A1129), ref: 007D3852
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00835352
• GetWindowLongW.USER32(?,000000F0), ref: 00835375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00835382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008353A8
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
APIs
• GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 0080ABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 0080AC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 0080AC74
• SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 0080ACC6
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• ClientToScreen.USER32(?,?), ref: 0083769A
• GetWindowRect.USER32(?,?), ref: 00837710
• PtInRect.USER32(?,?,00838B89), ref: 00837720
• MessageBeep.USER32(00000000), ref: 0083778C
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 14fdb261d5e6921380e17f2fab4a3895e7686901c0e92f74cc1361ec85a85246
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f0558ce2d47cc17b6a868067d59fdcf6fad6059c97d508bb80422e737002d028
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14fdb261d5e6921380e17f2fab4a3895e7686901c0e92f74cc1361ec85a85246
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E419CB4605258AFDB21CF58C899FA9BBF4FB89314F1440A8E518DB261D330E982CBD0
APIs
• GetForegroundWindow.USER32 ref: 008316EB
  • Part of subcall function 00803A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00803A57
  • Part of subcall function 00803A3D: GetCurrentThreadId.KERNEL32 ref: 00803A5E
  • Part of subcall function 00803A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008025B3), ref: 00803A65
• GetCaretPos.USER32(?), ref: 008316FF
• ClientToScreen.USER32(00000000,?), ref: 0083174C
• GetForegroundWindow.USER32 ref: 00831752
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: 69a44709ae0228a2ca89a7ac93709870ed10ee248a6a1fbe5f71ec3a89134643
• Instruction ID: 19faf2abdec6355cf5ad8f27ae472ad6588cd86f524c4c91453bfedb6bbdcde3
• Opcode Fuzzy Hash: 69a44709ae0228a2ca89a7ac93709870ed10ee248a6a1fbe5f71ec3a89134643
• Instruction Fuzzy Hash: 1E317071E00109AFCB04EFA9C885CAEBBFDFF89304B5480A9E415E7211DB359E45CBA0
APIs
  • Part of subcall function 007B9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007B9BB2
• GetCursorPos.USER32(?), ref: 00839001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,007F7711,?,?,?,?,?), ref: 00839016
• GetCursorPos.USER32(?), ref: 0083905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,007F7711,?,?,?), ref: 00839094
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: 405617d43dbb8c53a42f1a6322f5e64e22645b75292730c4621510f449786884
• Instruction ID: 4f8cec892b5143f618c61a2a4674bbaa818d0b5e4158663f39365270b9fb0bd2
• Opcode Fuzzy Hash: 405617d43dbb8c53a42f1a6322f5e64e22645b75292730c4621510f449786884
• Instruction Fuzzy Hash: 0721BF35600518EFCB298F98C868EEA7BF9FB89350F004065FA4597261C3719990DBA0
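The function blocks above follow a fixed layout: an "APIs" list of direct calls (with indented "Part of subcall function" entries for calls made through a callee), a "Memory Dump Source" line that carries the image base ("Offset: 007A0000"), and a "Similarity" section with the API ID and fuzzy hashes. When triaging a report like this one, it is useful to pull those blocks into a structure so functions can be queried by the API set they touch (for instance AttachThreadInput together with GetCaretPos, the foreground-window caret tracking seen above) and so the "ref:" addresses can be converted to RVAs for rebasing in a local disassembler session. The parser below is an added example, not part of the Joe Sandbox report or its plugin; it assumes only the text layout shown on this page, and the sample input is constructed from values in the blocks above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample in the layout of the IDA plugin blocks on this page
# (two function blocks, trimmed to the fields the parser uses).
SAMPLE = """\
APIs
• GetForegroundWindow.USER32 ref: 008316EB
  • Part of subcall function 00803A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00803A57
  • Part of subcall function 00803A3D: GetCurrentThreadId.KERNEL32 ref: 00803A5E
  • Part of subcall function 00803A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008025B3), ref: 00803A65
• GetCaretPos.USER32(?), ref: 008316FF
• ClientToScreen.USER32(00000000,?), ref: 0083174C
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• API String ID: 2759813231-0
• Instruction Fuzzy Hash: 1E317071E00109AFCB04EFA9C885CAEBBFDFF89304B5480A9E415E7211DB359E45CBA0
APIs
• GetFileAttributesW.KERNEL32(?,0083CB68), ref: 0080D2FB
• GetLastError.KERNEL32 ref: 0080D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0080D319
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• API String ID: 2267087916-0
"""

# "• Name.MODULE(args), ref: ADDR" with an optional "Part of subcall function X:" prefix.
# The argument list and the comma before "ref:" are both optional in the report.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Any other "• Key: value" line (Source File, API ID, hashes, ...).
KV_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+?):\s*(?P<val>.*?)\s*$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: str
    ref: int                          # virtual address of the call site
    subcall_of: Optional[int] = None  # callee address when reached through a subcall


@dataclass
class FunctionBlock:
    calls: List[ApiCall] = field(default_factory=list)
    image_base: Optional[int] = None
    fields: Dict[str, str] = field(default_factory=dict)

    def api_names(self, include_subcalls: bool = True) -> Set[str]:
        return {c.name for c in self.calls if include_subcalls or c.subcall_of is None}


def parse_blocks(text: str) -> List[FunctionBlock]:
    """Split report text into one FunctionBlock per 'APIs' section."""
    blocks: List[FunctionBlock] = []
    current: Optional[FunctionBlock] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionBlock()
            blocks.append(current)
            continue
        if current is None:
            continue
        m = API_RE.match(line)
        if m:
            current.calls.append(ApiCall(
                name=m["name"], module=m["module"], args=m["args"] or "",
                ref=int(m["ref"], 16),
                subcall_of=int(m["sub"], 16) if m["sub"] else None))
            continue
        m = KV_RE.match(line)
        if m:
            current.fields[m["key"]] = m["val"]
            if m["key"] == "Source File":
                off = re.search(r"Offset:\s*([0-9A-Fa-f]+)", m["val"])
                if off:
                    current.image_base = int(off.group(1), 16)
    return blocks


def call_sequence(block: FunctionBlock) -> List[str]:
    """Direct API calls of the function in report order (subcalls excluded)."""
    return [c.name for c in block.calls if c.subcall_of is None]


def rva(block: FunctionBlock, call: ApiCall) -> int:
    """Call-site address relative to the dumped image base, for rebasing elsewhere."""
    if block.image_base is None:
        raise ValueError("block carries no 'Offset:' image base")
    return call.ref - block.image_base


def find_functions(blocks: List[FunctionBlock], required: Set[str],
                   include_subcalls: bool = True) -> List[FunctionBlock]:
    """Blocks whose API set contains every name in `required`."""
    return [b for b in blocks if required <= b.api_names(include_subcalls)]


if __name__ == "__main__":
    for b in parse_blocks(SAMPLE):
        first = b.calls[0]
        print(f"RVA {rva(b, first):#x}: {' -> '.join(call_sequence(b))}  "
              f"[API String ID {b.fields.get('API String ID', '?')}]")
```

The query distinguishes direct calls from subcall entries on purpose: AttachThreadInput and GetWindowThreadProcessId sit inside the callee at 00803A3D, so a search that ignores subcalls would miss the caret-tracking function, while a search that includes them attributes the callee's behaviour to every caller, which is what you want when grouping by capability.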
APIs
• GetFileAttributesW.KERNEL32(?,0083CB68), ref: 0080D2FB
• GetLastError.KERNEL32 ref: 0080D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0080D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0083CB68), ref: 0080D376
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: fcc280414b71debfcf6f54f1a18d9ba0bfd12b050f702a46f8d2bf26acde6585
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: fa3b328452e5bef2dec91a6f02a8728724db979e0b82f301e92ad92e124a5e67
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcc280414b71debfcf6f54f1a18d9ba0bfd12b050f702a46f8d2bf26acde6585
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8217A705093019FC740DF68C88586AB7E8FE9A364F104A1DF4A9D33E1EB359946CB93
APIs
  • Part of subcall function 00801014: GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 0080102A
  • Part of subcall function 00801014: GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 00801036
  • Part of subcall function 00801014: GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 00801045
  • Part of subcall function 00801014: HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 0080104C
  • Part of subcall function 00801014: GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 00801062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008015BE
• _memcmp.LIBVCRUNTIME ref: 008015E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00801617
• HeapFree.KERNEL32(00000000), ref: 0080161E
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: 626333cf1c526b3dd638ae422762d202c240420ffccc18df09af76470880d2ee
• Instruction ID: ed2d08fd1b869d5ae9e72595722612b6575822c3197b529a9f1665787898d277
• Opcode Fuzzy Hash: 626333cf1c526b3dd638ae422762d202c240420ffccc18df09af76470880d2ee
• Instruction Fuzzy Hash: 5C215731E00108AFDF54DFA4CD49BEEB7B8FF94364F084859E451AB281E731AA45DBA0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0083280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00832824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00832832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00832840
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: 67c28db26dc13a3fd27d133fd475c691ce054a16ed576f2c7130f1503b026338
• Instruction ID: de1f507d4a85762ee89000420345af158bc08b2d951142a3e1dc016b0fe8cb15
• Opcode Fuzzy Hash: 67c28db26dc13a3fd27d133fd475c691ce054a16ed576f2c7130f1503b026338
• Instruction Fuzzy Hash: F621BD31204125AFD7149B24C855FAA7B95FFC6324F188258F426CB6E2CB75EC82CBD1
APIs
  • Part of subcall function 00808D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0080790A,?,000000FF,?,00808754,00000000,?,0000001C,?,?), ref: 00808D8C
  • Part of subcall function 00808D7D: lstrcpyW.KERNEL32(00000000,?,?,0080790A,?,000000FF,?,00808754,00000000,?,0000001C,?,?,00000000), ref: 00808DB2
  • Part of subcall function 00808D7D: lstrcmpiW.KERNEL32(00000000,?,0080790A,?,000000FF,?,00808754,00000000,?,0000001C,?,?), ref: 00808DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00808754,00000000,?,0000001C,?,?,00000000), ref: 00807923
• lstrcpyW.KERNEL32(00000000,?,?,00808754,00000000,?,0000001C,?,?,00000000), ref: 00807949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00808754,00000000,?,0000001C,?,?,00000000), ref: 00807984
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 1f3e287e12f36a94a379956071f36b077a08765b038ce75d0d63338261ca79fd
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 0da49657621382ca068cdcf26c8b24e1fa56a0725a558db43c6b6a990ac08665
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f3e287e12f36a94a379956071f36b077a08765b038ce75d0d63338261ca79fd
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9211263A200342ABDB159F38CC45E7A7BA9FF85350B00402AF842C73A4EB35E811D7A1
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00837D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00837D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00837D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0081B7AD,00000000), ref: 00837D6B
  • Part of subcall function 007B9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007B9BB2
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
• Opcode ID: 72fc03d30decfab5f45cf97dc94b5bbb3c1b37c1ec72a89b80493833ae4f20b6
• Instruction ID: 3a1816d85476a4b96816567c7234b39b2f497922c589d21f669acf099e046be5
• Opcode Fuzzy Hash: 72fc03d30decfab5f45cf97dc94b5bbb3c1b37c1ec72a89b80493833ae4f20b6
• Instruction Fuzzy Hash: DC11DF72204658AFCB209F28CC08AA63BA4FF85360F118728F939D72F4E730C951DB80
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 008356BB
• _wcslen.LIBCMT ref: 008356CD
• _wcslen.LIBCMT ref: 008356D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00835816
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: aa5461be3eae64aa6be4c17da878211680152e6b4536a7520dc76dfa5f082102
• Instruction ID: 465e319b2cc9ef50833b33a63d7f15853f65ba93b8e6398cb61cdebe0801a2c0
• Opcode Fuzzy Hash: aa5461be3eae64aa6be4c17da878211680152e6b4536a7520dc76dfa5f082102
• Instruction Fuzzy Hash: 581106B1600618A6DF20DF65DC85AEE37ACFF91764F10442AF915E6081E774CA80CBE4
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 30ce25568bd6b1e17935ac17a34e7cb0063463ce15e90f080c6b2b484793fbf1
• Instruction ID: 949c5ed3ada3b060075a753f09364f4b5a3e882a3df888f555ab3544971a593f
• Opcode Fuzzy Hash: 30ce25568bd6b1e17935ac17a34e7cb0063463ce15e90f080c6b2b484793fbf1
• Instruction Fuzzy Hash: 23018FB23096167EF62116786CC4F27763EEF813B8B750327F521613D2DB689C419670
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00801A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00801A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00801A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00801A8A
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b4e6d79c5dafbeddc3f5b87fc89b189c11f496a7bd9a32592a293693b94a19ef
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f5d0817f75f3910c1ffd5dbbe8763060d4424eab4d4d406a5b02d67ff3b28852
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4e6d79c5dafbeddc3f5b87fc89b189c11f496a7bd9a32592a293693b94a19ef
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC11FA3AA01229FFEF119BA5CD85FADBB78FB04764F200095E604B7290D7716E50DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 0080E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 0080E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0080E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0080E24D

Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd

Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 0316aad02003f716881c3b07560ffb53cefc1f5e463ec18f7cc81c3d49442598
• Instruction ID: 38a8e8ee76d47d1472d6d9c80c4e30f2b717e99a1815b1f9dc6ec0a461e8d508
• Opcode Fuzzy Hash: 0316aad02003f716881c3b07560ffb53cefc1f5e463ec18f7cc81c3d49442598
• Instruction Fuzzy Hash: AF11A576904258BBCB019FAC9C0DA9F7BACFB85314F044659F924E3391D774C94487A0
APIs
• CreateThread.KERNEL32(00000000,?,007CCFF9,00000000,00000004,00000000), ref: 007CD218
• GetLastError.KERNEL32 ref: 007CD224
• __dosmaperr.LIBCMT ref: 007CD22B
• ResumeThread.KERNEL32(00000000), ref: 007CD249

Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd

Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 2601e7cff8995cd763e6463f225f1a8202f39abf4f6a26df8447c09ce043a6b9
• Instruction ID: a2e59c9d49624183db6b80b85fd923fb2132668eae0a626d04169d6c56f3799f
• Opcode Fuzzy Hash: 2601e7cff8995cd763e6463f225f1a8202f39abf4f6a26df8447c09ce043a6b9
• Instruction Fuzzy Hash: E601AD76805208BBCB215BA5DC09FAE7B69EB81330F20022DF925921D0DA78CD0197A0
APIs
  • Part of subcall function 007B9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007B9BB2
• GetClientRect.USER32(?,?), ref: 00839F31
• GetCursorPos.USER32(?), ref: 00839F3B
• ScreenToClient.USER32(?,?), ref: 00839F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00839F7A

Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd

Similarity
• API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8f7464399de9e233764386ac9eaa5df283aceb825ac5d2c69dc90f505cacc1a6
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1a1b6c826933a0f33dc3bb18bf80a2145746e0730a4c67193c7b3825a7cbda68
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f7464399de9e233764386ac9eaa5df283aceb825ac5d2c69dc90f505cacc1a6
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9111573290021AABDF10EFA8D889DEE77B8FB85311F004855F951E3140DB74BA81CBE2
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007A604C
                                                                                                                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 007A6060
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 007A606A
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: bdeed8932e6285b8f197a2fb6237d383710cb6fe7c67e35439a9daf61277d384
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: f1ec3ddc2ee3799bbe9d4b58d73ba0d8171baa5d0a28213f17ef0d1b41eb0962
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bdeed8932e6285b8f197a2fb6237d383710cb6fe7c67e35439a9daf61277d384
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87115B72501549BFEF124FA49C44EEBBBA9FF997A4F090215FA1462110D736DCA0AFA0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 007C3B56
  • Part of subcall function 007C3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 007C3AD2
  • Part of subcall function 007C3AA3: ___AdjustPointer.LIBCMT ref: 007C3AED
• _UnwindNestedFrames.LIBCMT ref: 007C3B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 007C3B7C
• CallCatchBlock.LIBVCRUNTIME ref: 007C3BA4
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: fec07b3e060ad86dde41a358fa80f9fdf7bc1bf7fa750d988aac3ea6537f971a
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction Fuzzy Hash: 96012972100148BBDF125E95CC46EEB3B7EEF58754F04801CFE4856121C73AE961DBA0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007A13C6,00000000,00000000,?,007D301A,007A13C6,00000000,00000000,00000000,?,007D328B,00000006,FlsSetValue), ref: 007D30A5
• GetLastError.KERNEL32(?,007D301A,007A13C6,00000000,00000000,00000000,?,007D328B,00000006,FlsSetValue,00842290,FlsSetValue,00000000,00000364,?,007D2E46), ref: 007D30B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,007D301A,007A13C6,00000000,00000000,00000000,?,007D328B,00000006,FlsSetValue,00842290,FlsSetValue,00000000), ref: 007D30BF
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: b1711291967195ba02acfd6c5588f7445db59899b732be01784feb3b602625f3
• Instruction ID: fdd76442abf61141741586cddcd398ea521fa6ebbaa79798db72265e4607aa47
• Opcode Fuzzy Hash: b1711291967195ba02acfd6c5588f7445db59899b732be01784feb3b602625f3
• Instruction Fuzzy Hash: DD012B32301226ABCB314B78AC449577BAABF45B61B240721F909F3380C725D901C7E1
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0080747F
                                                                                                                                                                                                                                                                                                                                                                          • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00807497
                                                                                                                                                                                                                                                                                                                                                                          • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008074AC
                                                                                                                                                                                                                                                                                                                                                                          • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008074CA
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 5e0d8877a7df3a3e7f039f5965df36411fb8b24f548ca6fa3499a0c98377d7f7
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 1a357a558d0bf673b0426682ec312ba7661eab977bf567c2b3c22cb08f0ecf5b
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e0d8877a7df3a3e7f039f5965df36411fb8b24f548ca6fa3499a0c98377d7f7
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2511ADB5A05B19ABE7308F14EC08B927BFCFB40B04F108569E656E6191D7B0F944DBA4
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0080ACD3,?,00008000), ref: 0080B0C4
                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0080ACD3,?,00008000), ref: 0080B0E9
                                                                                                                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0080ACD3,?,00008000), ref: 0080B0F3
                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0080ACD3,?,00008000), ref: 0080B126
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 352eedced5b092985cbe3c7fb6825ec3c77ebebbb310eb155d05825175240c84
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 59d9c120cbf6c12c777193df622d462371525245684a42301d5235a5ee30427b
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 352eedced5b092985cbe3c7fb6825ec3c77ebebbb310eb155d05825175240c84
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85116D31C0192DE7CF00AFE4ED58AEEBF78FF4A711F114485D941B2281DB3056609B91
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00837E33
                                                                                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00837E4B
                                                                                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00837E6F
                                                                                                                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00837E8A
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 640620c4cb14f43c2e58490fb7bedaea3730496f14a334972dd13174096380de
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: b915bff4ed9e60b986330f5c3ee540dffa65a2d472ae851f2e38451869d576c1
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 640620c4cb14f43c2e58490fb7bedaea3730496f14a334972dd13174096380de
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD1143B9D0020AAFDB51CF98C8849EEBBF5FB58310F505056E915E2210D735AA54CF90
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00802DC5
                                                                                                                                                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00802DD6
                                                                                                                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00802DDD
                                                                                                                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00802DE4
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: c9e0ac0d13bbb9a647a12da0531413b714738181ae04c9c83460f33a00ac7646
• Instruction ID: 14dcb97babc4cdac04c3d3cac8dd3d53d29eafbe647f80faf1f4f593c89f0ffb
• Opcode Fuzzy Hash: c9e0ac0d13bbb9a647a12da0531413b714738181ae04c9c83460f33a00ac7646
• Instruction Fuzzy Hash: 8EE0EDB15016287ADB202B629C0EEEB7E6CFB96BA1F400519B506E1090AAA5C941D7B1
APIs
  • Part of subcall function 007B9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007B9693
  • Part of subcall function 007B9639: SelectObject.GDI32(?,00000000), ref: 007B96A2
  • Part of subcall function 007B9639: BeginPath.GDI32(?), ref: 007B96B9
  • Part of subcall function 007B9639: SelectObject.GDI32(?,00000000), ref: 007B96E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00838887
• LineTo.GDI32(?,?,?), ref: 00838894
• EndPath.GDI32(?), ref: 008388A4
• StrokePath.GDI32(?), ref: 008388B2
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: 4deead830350bab17df2dc4065f8d85ff737efa0b09412749a63bbb38a2a3c8e
• Instruction ID: 99e5ae80a6c346149dfb8445e805376964cf9a7db8a8d0edfc09a56b2766f7d1
• Opcode Fuzzy Hash: 4deead830350bab17df2dc4065f8d85ff737efa0b09412749a63bbb38a2a3c8e
• Instruction Fuzzy Hash: D1F01736046658EADB125F98AC0DBCA3E69BF46310F448000FB12650E2876555519BE5
APIs
• GetSysColor.USER32(00000008), ref: 007B98CC
• SetTextColor.GDI32(?,?), ref: 007B98D6
• SetBkMode.GDI32(?,00000001), ref: 007B98E9
• GetStockObject.GDI32(00000005), ref: 007B98F1
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: ce30b4c5558aa71bfe3a42a5d2c6cbbcc0f9e3a62707cd7c5b866762ae09be97
• Instruction ID: 06526b79835fb2d27dc2f6175fe7dccc493ba2f296e3fab85089190a5bc24075
• Opcode Fuzzy Hash: ce30b4c5558aa71bfe3a42a5d2c6cbbcc0f9e3a62707cd7c5b866762ae09be97
• Instruction Fuzzy Hash: E1E06531244284AADF215B78AC09BEC3F10BB51335F048A19F7F5640E1C3754650DB10
APIs
• GetCurrentThread.KERNEL32 ref: 00801634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,008011D9), ref: 0080163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008011D9), ref: 00801648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,008011D9), ref: 0080164F
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: adb95474c702ba992d1877f935f9baebe27775ecb99c6f9d1715952854c581fb
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: e6ea65b3d8e260ae80c7fccbd40c2b6e3472f1d27a57c38a42a0e412400350af
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adb95474c702ba992d1877f935f9baebe27775ecb99c6f9d1715952854c581fb
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CE08C32602211EBDB601FA1AE0DB877B7CFF947A2F148C08F245E9080E7388444CB60
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 007FD858
                                                                                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 007FD862
                                                                                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 007FD882
                                                                                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?), ref: 007FD8A3
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 7dec0b06250e6b2e7e0019c6baa8a43ff9706b3c38c9bd10d16b87227ae9873d
• Instruction ID: da0764fc710c7e378f8189dd642cbb506a02a31efdecdc296900cc1e37ef7e27
• Opcode Fuzzy Hash: 7dec0b06250e6b2e7e0019c6baa8a43ff9706b3c38c9bd10d16b87227ae9873d
• Instruction Fuzzy Hash: 77E01AB1800604EFCF51AFA0D80D66DBBB2FB98310F148809F846F7260E7388941AF40
APIs
• GetDesktopWindow.USER32 ref: 007FD86C
• GetDC.USER32(00000000), ref: 007FD876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 007FD882
• ReleaseDC.USER32(?), ref: 007FD8A3
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 443a91d016d8e229c616de98908d99f445b75c957c988df402c75d55b5c2ba0f
• Instruction ID: 608e16996b715c9944bdfb42d589326b810c6627439fc03494127de4da570741
• Opcode Fuzzy Hash: 443a91d016d8e229c616de98908d99f445b75c957c988df402c75d55b5c2ba0f
• Instruction Fuzzy Hash: FBE092B5800604EFCF51AFA0D84D66DBBB5BB98311F149849F94AF7260EB789901AF50
APIs
• Part of subcall function 007A7620: _wcslen.LIBCMT ref: 007A7625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00814ED4
Strings
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: 71b6e4fd733e0ebd74bd293a0686befa0bc97f880ce1f36c5cfdbf9be4b31482
• Instruction ID: 77856965bbbfedae4cb5eff70b60fd8b87a387a98dabcd264867eaf2ab55593d
• Opcode Fuzzy Hash: 71b6e4fd733e0ebd74bd293a0686befa0bc97f880ce1f36c5cfdbf9be4b31482
• Instruction Fuzzy Hash: 4C913C75A00204DFCB14DF58C484EA9BBF5FF49318F199099E40A9B3A2DB35ED86CB91
Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                                                                                          • String ID: #
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 2928eb0cae33750e7dacbe7c4d11af847ef4b04343bb91254dc2af1ae49bcc48
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6341af95d47367854d7c7e3cb3f2392173552b18690b208dcaa1288028807af4
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2928eb0cae33750e7dacbe7c4d11af847ef4b04343bb91254dc2af1ae49bcc48
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B751123550424ADFDB15EF28C485AFA7BA4FF56310F248069F9919B3E0DA3C9D42CBA0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 007BF2A2
                                                                                                                                                                                                                                                                                                                                                                          • GlobalMemoryStatusEx.KERNEL32(?), ref: 007BF2BB
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: d9364e01ea8d100b046d51cbad38afe06b02f7b61c28012621eae7ab5395ba54
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6f47cdfe47115a9006b0e35da3d8953088134249130850ac28e4c35d9d116a8d
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9364e01ea8d100b046d51cbad38afe06b02f7b61c28012621eae7ab5395ba54
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45512372418744EBD320AF10DC8ABABBBF8FBC5300F81895DF199411A5EB748529CB66
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008257E0
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 008257EC
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 9ad435ba171d039e4689b4b52ec36ab5d5b73b5f7f586bf21d298e9fe0e1ecb1
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9dbd33188e51f66b9c33f8fcba16ec771bea9760c5ef7aff7ca6f90b770c93aa
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ad435ba171d039e4689b4b52ec36ab5d5b73b5f7f586bf21d298e9fe0e1ecb1
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3541BD31E40219DFCB04DFA8D8869BEBBB5FF99724F104129E505EB291E7749D81CBA0
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0081D130
                                                                                                                                                                                                                                                                                                                                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0081D13A
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: 3a40219d21063e5e9e050c5c4f18bf86ddf22e63c6bb9a4315cd34edd24a7e35
• Instruction ID: 1eda6d458c27a58f8d7fc7879de3a192e6948eddb4814547471d64b7280366df
• Opcode Fuzzy Hash: 3a40219d21063e5e9e050c5c4f18bf86ddf22e63c6bb9a4315cd34edd24a7e35
• Instruction Fuzzy Hash: 96311A71D00219EBCF15EFA4CC89AEEBFB9FF45300F000119F815A6162E735AA56CB50
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00833621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0083365C
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
• Opcode ID: ded134e0386d611231aeace1c9cfbffb3a310d29f7a6e8d09ffb10756fda3e9e
• Instruction ID: 24ad8719cf437f82d9458237a1c126c2c505e1e780135ab0e54c96625374ac32
• Opcode Fuzzy Hash: ded134e0386d611231aeace1c9cfbffb3a310d29f7a6e8d09ffb10756fda3e9e
• Instruction Fuzzy Hash: DD319C71110204AEDB209F28DC81EFB73A9FF98724F00961DF8A5D7290DA34ED91D7A0
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0083461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00834634
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: 0915c9cc3a64e79ea3c7fcb3253633fd54636a46c54b111b75fbfb207b64cc64
• Instruction ID: e9452be3007f49d0e3ccb8093f16ee4ffbeb84e1b649973b69d198341e334957
• Opcode Fuzzy Hash: 0915c9cc3a64e79ea3c7fcb3253633fd54636a46c54b111b75fbfb207b64cc64
• Instruction Fuzzy Hash: 1A312774A0120A9FDF14CFA9C981BDABBB5FF99300F10516AE904EB341E770A941CF90
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0083327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00833287
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: ee071bc2b187ac3da8ae1a1390c9bd8ca625b1367be4f34e14a18360c0633df8
• Instruction ID: 7634fa6c99814bf07de7f5a210897437a704a35dae7d671359d5351101282837
• Opcode Fuzzy Hash: ee071bc2b187ac3da8ae1a1390c9bd8ca625b1367be4f34e14a18360c0633df8
• Instruction Fuzzy Hash: 6D11B271300208BFEF219E54DC85EBB376AFBD4365F104628F918E7290D6759D5187A0
APIs
  • Part of subcall function 007A600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007A604C
  • Part of subcall function 007A600E: GetStockObject.GDI32(00000011), ref: 007A6060
  • Part of subcall function 007A600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007A606A
• GetWindowRect.USER32(00000000,?), ref: 0083377A
• GetSysColor.USER32(00000012), ref: 00833794
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 22e0f35eee0eaa7a7a203f4cca441b1032619b98eab19ec574d29aaab0dddfc1
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 6cae2212498c86c84bf32f455ae7452431914488cb4ce7f44ddb2d731e58e660
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22e0f35eee0eaa7a7a203f4cca441b1032619b98eab19ec574d29aaab0dddfc1
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31113AB2610209AFDF00DFA8CC46EFA7BB8FB48314F004924F955E2250E735E8519B90
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0081CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0081CDA6
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: cffed0f3e7814a1abe60978fd0c53336762f082ae1d87e153ee25714557e5df4
• Instruction ID: 25d2ce9e69ff1635ab08251815a803f3a3ef433b27fea0d74f80e80e84313bd5
• Opcode Fuzzy Hash: cffed0f3e7814a1abe60978fd0c53336762f082ae1d87e153ee25714557e5df4
• Instruction Fuzzy Hash: D911C671285635BAD7344B669C45EE7BE6CFF527A8F004226B509D3180D7749880D6F0
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 008334AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008334BA
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: f5f39d7fc39b2144cb258dca36baa64dabeeb4e1380301300924cb8309089824
• Instruction ID: f89d36850effd4dcf4f672662f9360fa99bab063bbcbbe5b6fb883451c557dc6
• Opcode Fuzzy Hash: f5f39d7fc39b2144cb258dca36baa64dabeeb4e1380301300924cb8309089824
• Instruction Fuzzy Hash: 3411BF71100208ABEF114F64DC44AAB376AFBA5378F504724F960D31E0C775DD919798
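The three API blocks above list every argument as raw hex, which hides what the code is doing: the first block sets a font on a freshly created control (GetStockObject(0x11) is DEFAULT_GUI_FONT, message 0x30 is WM_SETFONT, GetSysColor(0x12) is COLOR_BTNTEXT), the second opens a WinINet session and sets option 0x32 (INTERNET_OPTION_CONNECTED_STATE) on a NULL handle with an 8-byte buffer, and the third sends message 0xB1 (EM_SETSEL) to a window whose text length was just queried. The Python below is an added example written for this page, not Joe Sandbox code and not part of the sample: it parses lines in the report's "APIs" format and substitutes the Win32 SDK names for the numeric arguments, and flags the global connected-state override. The sample lines are copied from the blocks above; the function names, the constant table and the reading of the 8-byte buffer as sizeof(INTERNET_CONNECTED_INFO) are this example's own assumptions, since the report does not show the buffer contents.

```python
"""Decode Joe Sandbox 'APIs' lines into named Win32 constants (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the API lines from the three report blocks above with the
# bullet characters and indentation stripped.
SAMPLE_LINES = [
    "Part of subcall function 007A600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007A604C",
    "Part of subcall function 007A600E: GetStockObject.GDI32(00000011), ref: 007A6060",
    "Part of subcall function 007A600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007A606A",
    "GetWindowRect.USER32(00000000,?), ref: 0083377A",
    "GetSysColor.USER32(00000012), ref: 00833794",
    "InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0081CD7D",
    "InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0081CDA6",
    "GetWindowTextLengthW.USER32(00000000), ref: 008334AB",
    "SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008334BA",
]

# One report line: optional "Part of subcall function XXXXXXXX: " prefix, then
# Api.MODULE(arg,arg,...), ref: XXXXXXXX. Arguments the plugin could not resolve
# are printed as "?".
LINE_RE = re.compile(
    r"^(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]{8}): )?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)

# (API name, zero-based argument index) -> {value: symbolic name}. Values are the
# Win32 SDK header definitions (winuser.h, wingdi.h, wininet.h); only the calls
# seen in the blocks above are covered.
CONSTANTS: Dict[Tuple[str, int], Dict[int, str]] = {
    ("GetStockObject", 0): {17: "DEFAULT_GUI_FONT"},
    ("GetSysColor", 0): {18: "COLOR_BTNTEXT"},
    ("SendMessageW", 1): {0x0030: "WM_SETFONT", 0x00B1: "EM_SETSEL"},
    ("InternetOpenW", 1): {0: "INTERNET_OPEN_TYPE_PRECONFIG"},
    ("InternetSetOptionW", 1): {50: "INTERNET_OPTION_CONNECTED_STATE"},
}


def parse_api_line(line: str) -> Optional[dict]:
    """Parse one 'APIs' entry; unresolved '?' arguments become None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args: List[Optional[int]] = []
    for raw in m["args"].split(","):
        raw = raw.strip()
        args.append(None if raw == "?" else int(raw, 16))
    return {
        "api": m["api"],
        "module": m["module"],
        "args": args,
        "ref": int(m["ref"], 16),
        "subcall": int(m["subcall"], 16) if m["subcall"] else None,
    }


def annotate(call: dict) -> str:
    """Render a parsed call with known numeric arguments replaced by SDK names."""
    parts = []
    for index, value in enumerate(call["args"]):
        if value is None:
            parts.append("?")
        else:
            name = CONSTANTS.get((call["api"], index), {}).get(value)
            parts.append(name if name else f"0x{value:X}")
    return f"{call['api']}({', '.join(parts)})"


def flag_connected_state_override(call: dict) -> Optional[str]:
    """Note an InternetSetOptionW(NULL, INTERNET_OPTION_CONNECTED_STATE, buf, 8).

    A NULL handle makes the option process-global, and 8 bytes is
    sizeof(INTERNET_CONNECTED_INFO); the buffer contents are not in the
    report, so which state is set is not known from the listing alone.
    """
    if call["api"] != "InternetSetOptionW" or len(call["args"]) != 4:
        return None
    handle, option, _buffer, size = call["args"]
    if handle == 0 and option == 50 and size == 8:
        return f"global INTERNET_OPTION_CONNECTED_STATE override at 0x{call['ref']:X}"
    return None


def decode_report(lines: List[str]) -> List[str]:
    """Annotate every parsable line; lines in another format are skipped."""
    decoded = []
    for line in lines:
        call = parse_api_line(line)
        if call is None:
            continue
        text = annotate(call)
        note = flag_connected_state_override(call)
        decoded.append(f"{text}  # {note}" if note else text)
    return decoded


if __name__ == "__main__":
    for entry in decode_report(SAMPLE_LINES):
        print(entry)
```

Lines without a parenthesised argument list, such as the `_wcslen.LIBCMT ref: ...` entries in the next block, are deliberately skipped rather than guessed at; extend `CONSTANTS` as further calls of interest appear in the report.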
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
                                                                                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?), ref: 00806CB6
                                                                                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00806CC2
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
APIs
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
  • Part of subcall function 00803CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00803CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00801D4C
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
  • Part of subcall function 00803CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00803CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00801C46
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
  • Part of subcall function 00803CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00803CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00801CC8
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
  • Part of subcall function 007A9CB3: _wcslen.LIBCMT ref: 007A9CBD
  • Part of subcall function 00803CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00803CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00801DD3
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: c74b8c00c0c8644bb92bea22f01542cf14862b13183c5048a309a66ffc28f425
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: bbe900825ad2ebc98f75ba2d8cb79ea57ba4df758855a29e76294f2b9da40e83
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c74b8c00c0c8644bb92bea22f01542cf14862b13183c5048a309a66ffc28f425
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DF0F971A40618A6DB44E7A4CC5AAFE736CFB42364F040915B922E32C1DE6459088270
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                          • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: b17b1af24b5dce1e319fbad19f6f1203f310e7eede6b72cb1ab86d2c250caef5
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 9749b4110155b7e4fa87a0fa1928613454c4e550bf9d43a13a28ab4dfe2bf28f
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b17b1af24b5dce1e319fbad19f6f1203f310e7eede6b72cb1ab86d2c250caef5
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDE02B42604230609231327BBCC5EBF5789EFC5750710182FF981C2366EAA89DD193A5
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00800B23
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                                                                                                                                                          • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                                          • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                                          • Opcode ID: 8a1f795ebae6dced69ac541e91315bda70e14eb65a6a827cdac0acba2207f4fe
                                                                                                                                                                                                                                                                                                                                                                          • Instruction ID: 5a31b605dfa926de0cb3a5b5f10569687c3616b10a94396831aa4ac8169d1123
                                                                                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a1f795ebae6dced69ac541e91315bda70e14eb65a6a827cdac0acba2207f4fe
                                                                                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6E0DF32284718AAD21036947C0BFC97B84EF05F21F10042AFBA8E55C38BEA649007E9
                                                                                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                                                                                            • Part of subcall function 007BF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007C0D71,?,?,?,007A100A), ref: 007BF7CE
                                                                                                                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,007A100A), ref: 007C0D75
                                                                                                                                                                                                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007A100A), ref: 007C0D84
                                                                                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                                                                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007C0D7F
                                                                                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0081302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00813044
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0083232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0083233F
  • Part of subcall function 0080E97B: Sleep.KERNEL32 ref: 0080E9F3
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0083236C
• PostMessageW.USER32(00000000), ref: 00832373
  • Part of subcall function 0080E97B: Sleep.KERNEL32 ref: 0080E9F3
Strings
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 007DBE93
• GetLastError.KERNEL32 ref: 007DBEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007DBEFC
Memory Dump Source
• Source File: 00000001.00000002.2289209747.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
• Associated: 00000001.00000002.2289164740.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.000000000083C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289614859.0000000000862000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289812525.000000000086C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2289842488.0000000000874000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7a0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0