Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1542663
MD5: ee970780c371d5bd42992b92132f5014
SHA1: 47331be4bf096c62689df219bea9ff4e168b5c31
SHA256: f34be318ce2adf4bfc28a459a9dc6c468f72a8231aaa12845beb68d58f0f5d80
Tags: exe, user-Bitsight

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 7120 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EE970780C371D5BD42992B92132F5014)
    • taskkill.exe (PID: 6204 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5076 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6528 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7012 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5356 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 4412 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://www.facebook.com/video" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 5692 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.facebook.com/video --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 5708 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.facebook.com/video --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7044 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2236 -prefMapHandle 2172 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb4349ab-a9f6-42ff-bb2a-dd2e53f43512} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" 23d6b76eb10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7364 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4564 -parentBuildID 20230927232528 -prefsHandle 4548 -prefMapHandle 4544 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {718ad585-42aa-4e4e-ba2f-5467c54e1ea4} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" 23d7cec2610 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7916 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5076 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3724 -prefMapHandle 3760 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45b68f86-3d73-4504-b757-55b95ea6c02a} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" 23d858c2710 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, Virustotal: Detection: 27%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.0% probability
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: winrnr.pdb source: firefox.exe, 0000000E.00000003.2389199357.0000023D7D6C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msctf.pdb source: firefox.exe, 0000000E.00000003.2389199357.0000023D7D6C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: version.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbgcore.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscms.pdb source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D88A000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: user32.pdb source: firefox.exe, 0000000E.00000003.2389354030.0000023D7D476000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402036316.0000023D7D478000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: twinapi.pdb source: firefox.exe, 0000000E.00000003.2389199357.0000023D7D6C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8DataExchange.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: 8wintrust.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: psapi.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: firefox.exe, 0000000E.00000003.2403590008.0000023D7C928000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dxgi.pdb source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D88A000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wininet.pdb_id source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D899000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8npmproxy.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8linkinfo.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2401208622.0000023D7D81B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0095DBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092C2A2 FindFirstFileExW,0_2_0092C2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009668EE FindFirstFileW,FindClose,0_2_009668EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0096698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0096698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0095D076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0095D3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00969642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00969642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0096979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0096979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00969B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00969B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00965C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00965C97
Source: firefox.exe Memory has grown: Private usage: 1MB later: 187MB
Source: unknown Network traffic detected: DNS query count 31
Source: Joe Sandbox View IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View IP Address: 151.101.129.91 151.101.129.91
Source: Joe Sandbox View IP Address: 13.32.99.14 13.32.99.14
Source: Joe Sandbox View IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0096CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0096CE44
Source: global traffic HTTP traffic detected: GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Source: firefox.exe, 0000000C.00000002.2191243661.0000022111CA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://www.facebook.com/video" --no-default-browser-check --disable-popup-blocking equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.2197604330.0000023EBFE20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.facebook.com/video --no-default-browser-check --disable-popup-blocking --attempting-deelevation equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2332061934.000028830F703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: (https://www.facebook.com/Z equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2332061934.000028830F703000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: (https://www.youtube.com/Z equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2332609694.00003418B7D03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2332609694.00003418B7D03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.facebook.com/*Z equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2332609694.00003418B7D03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2332609694.00003418B7D03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.youtube.com/*Z equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2409795909.0000023D7900E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: -kioskMOZ_CRASHREPORTER_RESTART_ARG_2=https://www.facebook.com/videoMOZ_CRASHREPORTER_RESTART_ARG_3=--no-default-browser-checkMOZ_CRASHREPORTER_RESTART_ARG_4=--disable equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2393722415.0000023D78B66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder 
hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2382757053.0000023D7E23C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431646537.0000023D7E24C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372996276.0000023D7E23C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: .S........[tlsflags0x00000000]www.facebook.com:443^partitionKey=%28https%2Cfacebook.com%29 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2381644695.0000023D85728000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2339724992.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360771899.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2232713304.0000023D838EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2385131748.0000023D85E09000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2395817351.0000023D85E11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8:https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2389781693.0000023D7D004000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2338545413.0000023D858D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360312501.0000023D858DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2385131748.0000023D85E09000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2362879273.0000023D83D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427122291.0000023D83D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2338545413.0000023D858D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234840791.0000023D7DE98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360312501.0000023D858DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2404579458.0000023D7BDF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381644695.0000023D85728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358894672.0000023D86091000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2339724992.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360771899.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2385131748.0000023D85E09000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2395817351.0000023D85E11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8~predictor-origin,:https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2232713304.0000023D838EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2385131748.0000023D85E09000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2395817351.0000023D85E11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: :https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.3429339724.000002DD4E6F0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3427407951.00000288D99E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3427219881.000002B6C4040000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=--kioskMOZ_CRASHREPORTER_RESTART_ARG_2=https://www.facebook.com/videoMOZ_CRASHREPORTER_RESTART_ARG_3=--no-default-browser-checkMOZ_CRASHREPORTER_RESTART_ARG_4=--disable-popup-blockingMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common 
Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2239880439.0000023D7D6C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239880439.0000023D7D6CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: =e=nssBadCert&u=https%3A//www.facebook.com/video&c=UTF-8&d=%20 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2353638311.0000023D7F19C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2385826511.0000023D7F19F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2399377900.0000023D7F1A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: >https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.3430108655.000002DD4E884000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3434910985.00000288D9DF4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3428399573.000002B6C41E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=--kioskMOZ_CRASHREPORTER_RESTART_ARG_2=https://www.facebook.com/videoMOZ_CRASHREPORTER_RESTART_ARG_3=--no-default-browser-checkMOZ_CRASHREPORTER_RESTART_ARG_4=--disable-popup-blockingMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common 
Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000C.00000002.2191243661.0000022111CA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exe--kioskhttps://www.facebook.com/video--no-default-browser-check--disable-popup-blocking equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.2197604330.0000023EBFE29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exe--kioskhttps://www.facebook.com/video--no-default-browser-check--disable-popup-blocking--attempting-deelevation equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000C.00000002.2191243661.0000022111CA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\Desktop\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://www.facebook.com/video" --no-default-browser-check --disable-popup-blockingC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000D.00000002.2197604330.0000023EBFE20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.facebook.com/video --no-default-browser-check --disable-popup-blocking --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.facebook.com (Facebook)
Source: file.exe, 00000000.00000003.2189485209.0000000000814000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Files\Mozilla Firefox\firefox.exe" --kiosk "https://www.facebook.com/video" --no-default-browser-check --disable-popup-blockingC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default=::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSORb equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.3429339724.000002DD4E6FA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3430108655.000002DD4E884000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3430108655.000002DD4E880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_2=https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.3427407951.00000288D99E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_2=https://www.facebook.com/video(9>\ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.3429339724.000002DD4E6F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_2=https://www.facebook.com/video.N= equals www.facebook.com (Facebook)
Source: firefox.exe, 00000013.00000002.3427219881.000002B6C4040000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_2=https://www.facebook.com/video/W equals www.facebook.com (Facebook)
Source: firefox.exe, 00000012.00000002.3427407951.00000288D99EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_2=https://www.facebook.com/videoT9?! equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2239880439.0000023D7D6C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239880439.0000023D7D6C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239880439.0000023D7D6D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Mabout:certerror?e=nssBadCert&u=https%3A//www.facebook.com/video&c=UTF-8&d=%20 equals www.facebook.com (Facebook)
Source: firefox.exe, 00000013.00000002.3427219881.000002B6C404A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: SHREPORTER_RESTART_ARG_2=https://www.facebook.com/videoMOZ_CRASHREPORTER_RE equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2407037813.0000023D77C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2407037813.0000023D77C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2239880439.0000023D7D6C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239880439.0000023D7D6C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239880439.0000023D7D6D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: about:certerror?e=nssBadCert&u=https%3A//www.facebook.com/video&c=UTF-8&d=%20 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2239880439.0000023D7D6C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2401499437.0000023D7D67E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239880439.0000023D7D6CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: e=nssBadCert&u=https%3A//www.facebook.com/video&c=UTF-8&d=%20 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2353022948.0000023D83765000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368603785.0000023D83765000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389354030.0000023D7D476000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2338545413.0000023D858D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360312501.0000023D858DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2385131748.0000023D85E09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: file.exe, 00000000.00000002.2222273189.0000000000E08000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362879273.0000023D83D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427122291.0000023D83D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2354484716.0000023D7ED43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370041664.0000023D7ED43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com^partitionKey=%28https%2Cfacebook.com%29 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2338545413.0000023D858D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234840791.0000023D7DE98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360312501.0000023D858DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2405983640.0000023D7B1F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3429591868.00000288D9C0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3429708905.000002B6C430C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2405983640.0000023D7B1F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3429591868.00000288D9C0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3429708905.000002B6C430C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000E.00000003.2405983640.0000023D7B1F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3429591868.00000288D9C0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3429708905.000002B6C430C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000013.00000002.3429708905.000002B6C430C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/& equals www.facebook.com (Facebook)
Source: firefox.exe, 00000013.00000002.3429708905.000002B6C430C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/& equals www.twitter.com (Twitter)
Source: firefox.exe, 00000013.00000002.3429708905.000002B6C430C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/& equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2339724992.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360771899.0000023D8575B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000C.00000003.2190869290.0000022111CBC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2191243661.0000022111CC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: osk https://www.facebook.com/video --no-default-browser-check --disable-popup-blocking --attempting-deelevation equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000C.00000002.2191297759.0000022111CD2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000003.2190869290.0000022111CBC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000003.2190964455.0000022111CD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s--kiosk https://www.facebook.com/video --no-default-browser-check --disable-popup-blocking --attempting-deelevationUser equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2239880439.0000023D7D6CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: s://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.3430108655.000002DD4E880000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3434910985.00000288D9DF0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3428399573.000002B6C41E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: sers\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=--kioskMOZ_CRASHREPORTER_RESTART_ARG_2=https://www.facebook.com/videoMOZ_CRAS equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2232713304.0000023D83899000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: tlsflags0x00000000:www.facebook.com:443^partitionKey=%28https%2Cfacebook.com%29 equals www.facebook.com (Facebook)
Source: recovery.jsonlz4.tmp.14.drString found in binary or memory: url":"https://www.facebook.com/video","title) equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2396593971.0000023D857AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2339724992.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232180152.0000023D839CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2290995740.0000023D8481C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332061934.000028830F703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2410483144.0000023D79082000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2339724992.0000023D8575B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2396593971.0000023D857AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2339724992.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360771899.0000023D8575B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2332061934.000028830F703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000E.00000003.2358894672.0000023D86030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2382757053.0000023D7E23C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431646537.0000023D7E24C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372996276.0000023D7E23C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x.S........[tlsflags0x00000000]www.facebook.com:443^partitionKey=%28https%2Cfacebook.com%29 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2401499437.0000023D7D67E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239880439.0000023D7D680000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431646537.0000023D7E24C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xabout:certerror?e=nssBadCert&u=https%3A//www.facebook.com/video&c=UTF-8&d=%20 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2401499437.0000023D7D67E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xe=nssBadCert&u=https%3A//www.facebook.com/video&c=UTF-8&d=%20 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2353022948.0000023D83765000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368603785.0000023D83765000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2435598456.0000023D7D012000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xhttps://www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2353022948.0000023D83765000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2386175551.0000023D7F196000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368603785.0000023D83765000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xhttps://www.facebook.com/video equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2354484716.0000023D7ED43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370041664.0000023D7ED43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xhttps://www.facebook.com^partitionKey=%28https%2Cfacebook.com%29 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2232713304.0000023D83899000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xtlsflags0x00000000:www.facebook.com:443^partitionKey=%28https%2Cfacebook.com%29 equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000E.00000003.2385131748.0000023D85E09000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2395817351.0000023D85E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ~predictor-origin,:https://www.facebook.com/ equals www.facebook.com (Facebook)
0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415873615.0000023D7908F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 0000000E.00000003.2406326311.0000023D7B19A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 0000000E.00000003.2404776126.0000023D7BDD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 0000000E.00000003.2415339672.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412142705.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380398465.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413168434.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409572196.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414251164.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408178499.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411633704.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381762668.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409028622.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358591503.0000023D7908C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415079997.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408737513.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411195110.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2410905984.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2417214369.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 0000000E.00000003.2404776126.0000023D7BDD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 0000000E.00000003.2404776126.0000023D7BDD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 0000000E.00000003.2415339672.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412142705.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380398465.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413168434.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409572196.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414251164.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408178499.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411633704.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381762668.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409028622.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358591503.0000023D7908C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415079997.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408737513.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411195110.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2410905984.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2417214369.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415873615.0000023D7908F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 0000000E.00000003.2415339672.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412142705.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380398465.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413168434.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409572196.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414251164.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408178499.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411633704.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381762668.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409028622.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358591503.0000023D7908C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415079997.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408737513.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411195110.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2410905984.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2417214369.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 0000000E.00000003.2404776126.0000023D7BDD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 0000000E.00000003.2415339672.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412142705.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380398465.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413168434.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409572196.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414251164.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408178499.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411633704.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381762668.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409028622.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358591503.0000023D7908C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415079997.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408737513.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411195110.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2410905984.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2417214369.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415873615.0000023D7908F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 0000000E.00000003.2404776126.0000023D7BDD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 0000000E.00000003.2233642202.0000023D7E23C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D890000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 0000000E.00000003.2340708378.0000023D84C43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372996276.0000023D7E23C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2233642202.0000023D7E23C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000000E.00000003.2389781693.0000023D7D004000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341409170.0000023D860ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431646537.0000023D7E24C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372996276.0000023D7E23C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406759604.0000023D77CB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000000E.00000003.2395076517.0000023D77CEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2405398325.0000023D7B492000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341409170.0000023D860ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2406759604.0000023D77CB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
Source: firefox.exe, 0000000E.00000003.2392578508.0000023D7C4E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
Source: firefox.exe, 0000000E.00000003.2370376546.0000023D7ED2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333943520.0000023D84A7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290995740.0000023D84847000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319243729.0000023D848CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2283337787.0000023D84BE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2334266066.0000023D84847000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232180152.0000023D839DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239880439.0000023D7D6BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249826327.0000023D848F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2209853292.0000023D7BBA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2376801789.0000023D7BBC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2293069563.0000023D84BE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225329033.0000023D83B04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351284577.0000023D839DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311664041.0000023D850AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368453638.0000023D838D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292314493.0000023D7D7ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236050813.0000023D7F39A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2256510275.0000023D848F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2372117434.0000023D7EC2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402036316.0000023D7D4DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 0000000E.00000003.2404776126.0000023D7BDD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 0000000E.00000003.2415339672.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412142705.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380398465.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413168434.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409572196.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414251164.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408178499.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411633704.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381762668.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409028622.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358591503.0000023D7908C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415079997.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408737513.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411195110.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2410905984.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2417214369.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 0000000E.00000003.2415339672.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412142705.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380398465.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413168434.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409572196.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414251164.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408178499.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411633704.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381762668.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409028622.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358591503.0000023D7908C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415079997.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408737513.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411195110.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2410905984.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2417214369.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415873615.0000023D7908F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 0000000E.00000003.2404776126.0000023D7BDD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 0000000E.00000003.2406326311.0000023D7B19A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 0000000E.00000003.2406326311.0000023D7B19A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 0000000E.00000003.2415339672.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2412142705.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380398465.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407734417.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2413168434.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409572196.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414251164.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408178499.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411633704.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381762668.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409028622.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358591503.0000023D7908C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415079997.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408737513.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2411195110.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2410905984.0000023D79090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2417214369.0000023D7908F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379499693.0000023D790A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 
Source: firefox.exe, 0000000E.00000003.2350749481.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428172441.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 0000000E.00000003.2350749481.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428172441.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 0000000E.00000003.2350749481.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428172441.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000013.00000002.3429708905.000002B6C43C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000000E.00000003.2428741243.0000023D83833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000000E.00000003.2350749481.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428172441.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 0000000E.00000003.2365648834.0000023D839A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000000E.00000003.2350749481.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428172441.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000013.00000002.3429708905.000002B6C43C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000000E.00000003.2428741243.0000023D83833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000000E.00000003.2428741243.0000023D83833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000000E.00000003.2428741243.0000023D83833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000000E.00000003.2224242424.0000023D83B23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225217272.0000023D83B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 0000000E.00000003.2225329033.0000023D83B04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 0000000E.00000003.2225329033.0000023D83B04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 0000000E.00000003.2224242424.0000023D83B23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225217272.0000023D83B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 0000000E.00000003.2224242424.0000023D83B23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225217272.0000023D83B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 0000000E.00000003.2207212052.0000023D7B731000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2206883904.0000023D7B500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2207046492.0000023D7B70F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000000E.00000003.2428741243.0000023D83833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000000E.00000003.2424885491.0000023D861AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2337872181.0000023D861A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2383491124.0000023D861A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000000E.00000003.2387697615.0000023D7D8BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374260862.0000023D7D8BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 0000000E.00000003.2351552673.0000023D83969000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365648834.0000023D83969000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: prefs-1.js.14.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000000E.00000003.2388809211.0000023D7D860000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000000E.00000003.2382521957.0000023D7E2D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372491475.0000023D7E2D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2233642202.0000023D7E2D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3429591868.00000288D9C86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3429708905.000002B6C43F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000000E.00000003.2396323906.0000023D8586D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2338872605.0000023D858BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/458f1afa-4c22-46fa-afb1-a3f65
Source: firefox.exe, 0000000E.00000003.2387604130.0000023D7D8CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370559498.0000023D7ED17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374260862.0000023D7D8CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/4db4139f-6dcf-40ae-
Source: firefox.exe, 0000000E.00000003.2405398325.0000023D7B459000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2387604130.0000023D7D8CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370559498.0000023D7ED17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374260862.0000023D7D8CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/top-sites/1/d3698c60-da91-4f8c-b7c7-e1
Source: firefox.exe, 0000000E.00000003.2345630161.0000023D84C74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2385296002.0000023D84C74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340708378.0000023D84C74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2353022948.0000023D83783000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368603785.0000023D83783000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361291431.0000023D84C74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/03515db6-c8de-413f
Source: firefox.exe, 0000000E.00000003.2345630161.0000023D84C74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2385296002.0000023D84C74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340708378.0000023D84C74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2353022948.0000023D83783000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368603785.0000023D83783000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361291431.0000023D84C74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/34d0bb85-ad41-4f76
Source: firefox.exe, 0000000E.00000003.2428741243.0000023D83833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 0000000E.00000003.2224242424.0000023D83B23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225217272.0000023D83B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000000E.00000003.2348158784.0000023D83D46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362879273.0000023D83D46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2235884865.0000023D7C167000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 0000000E.00000003.2224242424.0000023D83B23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225217272.0000023D83B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 0000000E.00000003.2224242424.0000023D83B23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225217272.0000023D83B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 0000000E.00000003.2224242424.0000023D83B23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225217272.0000023D83B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000000E.00000003.2370973976.0000023D7EC98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2430825620.0000023D7EC98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 0000000E.00000003.2370973976.0000023D7EC98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2430825620.0000023D7EC98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000000E.00000003.2337686579.0000023D861CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 0000000E.00000003.2406326311.0000023D7B19A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 0000000E.00000003.2406326311.0000023D7B19A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000013.00000002.3429708905.000002B6C438F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000010.00000002.3431202585.000002DD4EA72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestabout
Source: firefox.exe, 0000000E.00000003.2369639663.0000023D7ED99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2284979374.0000023D85093000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mochitest.youtube.com/
Source: firefox.exe, 0000000E.00000003.2406156511.0000023D7B1CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000E.00000003.2379042395.0000023D79057000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335332602.0000023D79081000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379042395.0000023D79081000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000000E.00000003.2288420427.0000023D850A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284979374.0000023D85093000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/page/
Source: firefox.exe, 0000000E.00000003.2288420427.0000023D850A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2284979374.0000023D85093000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/player/
Source: firefox.exe, 0000000E.00000003.2406326311.0000023D7B19A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000000E.00000003.2395076517.0000023D77CEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2405398325.0000023D7B459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2428741243.0000023D83833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000E.00000003.2389620090.0000023D7D0B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000E.00000003.2340461929.0000023D84C8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000E.00000003.2389620090.0000023D7D0B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000E.00000003.2345349810.0000023D84CF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2345349810.0000023D84CE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
Source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: firefox.exe, 0000000E.00000003.2238184242.0000023D7D34C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236952757.0000023D7D306000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 0000000E.00000003.2339724992.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360771899.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2396707556.0000023D8576E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 0000000E.00000003.2345349810.0000023D84CF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2345349810.0000023D84CE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
Source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: firefox.exe, 0000000E.00000003.2402944958.0000023D7D0AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000E.00000003.2402944958.0000023D7D0AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D667000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2385296002.0000023D84C74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340708378.0000023D84C74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2345349810.0000023D84CF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2345349810.0000023D84CE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361291431.0000023D84C74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000E.00000003.2396593971.0000023D857AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2339724992.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360771899.0000023D8575B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000010.00000002.3431202585.000002DD4EACB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3429591868.00000288D9CC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3429708905.000002B6C43F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000E.00000003.2350749481.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428172441.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000E.00000003.2350749481.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428172441.0000023D83A2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 0000000E.00000003.2430825620.0000023D7ECA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2354872890.0000023D7ECA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370973976.0000023D7ECA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000000E.00000003.2405983640.0000023D7B1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000000E.00000003.2340708378.0000023D84C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000000E.00000003.2332061934.000028830F703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/Z
Source: firefox.exe, 0000000E.00000003.2396826219.0000023D84C5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2361291431.0000023D84C5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2345630161.0000023D84C5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340708378.0000023D84C5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
Source: firefox.exe, 00000010.00000002.3431202585.000002DD4EACB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3429591868.00000288D9CF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3436250466.000002B6C4603000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 0000000E.00000003.2381644695.0000023D85728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332609694.00003418B7D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 0000000E.00000003.2405983640.0000023D7B1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000013.00000002.3429708905.000002B6C430C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000000E.00000003.2332061934.000028830F703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0096EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0096EAFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0096ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0096ED6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0095AA57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00989576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00989576

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script.memstr_34b973bc-0
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_00000288DA1D5277 NtQuerySystemInformation,18_2_00000288DA1D5277
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_00000288DA1DB7F2 NtQuerySystemInformation,18_2_00000288DA1DB7F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0095D5EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00951201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00951201
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0095E8F6
Source: C:\Users\user\Desktop\file.exe Code function: String function: 008F9CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00910A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0090F9F2 appears 40 times
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal64.evad.winEXE@34/34@69/13
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009637B5 GetLastError,FormatMessageW,0_2_009637B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009510BF AdjustTokenPrivileges,CloseHandle,0_2_009510BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009516C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_009516C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009651CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_009651CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0095D4DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0096648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0096648E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_008F42A2
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2748:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5512:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5996:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1708:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5172:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: firefox.exe, 0000000E.00000003.2396431414.0000023D85861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000000E.00000003.2396431414.0000023D85861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 0000000E.00000003.2396431414.0000023D85861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 0000000E.00000003.2396431414.0000023D85861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 0000000E.00000003.2405398325.0000023D7B459000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 0000000E.00000003.2396431414.0000023D85861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 0000000E.00000003.2396431414.0000023D85861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 0000000E.00000003.2396431414.0000023D85861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 0000000E.00000003.2396431414.0000023D85861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 0000000E.00000003.2396431414.0000023D85861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: file.exe Virustotal: Detection: 27%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://www.facebook.com/video" --no-default-browser-check --disable-popup-blocking
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.facebook.com/video --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.facebook.com/video --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2236 -prefMapHandle 2172 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb4349ab-a9f6-42ff-bb2a-dd2e53f43512} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" 23d6b76eb10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4564 -parentBuildID 20230927232528 -prefsHandle 4548 -prefMapHandle 4544 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {718ad585-42aa-4e4e-ba2f-5467c54e1ea4} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" 23d7cec2610 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5076 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3724 -prefMapHandle 3760 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45b68f86-3d73-4504-b757-55b95ea6c02a} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" 23d858c2710 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 0000000E.00000003.2405398325.0000023D7B492000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mswsock.pdb` source: firefox.exe, 0000000E.00000003.2389199357.0000023D7D6C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shcore.pdb source: firefox.exe, 0000000E.00000003.2389354030.0000023D7D476000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402036316.0000023D7D478000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8audioses.pdb source: firefox.exe, 0000000E.00000003.2402720791.0000023D7D42C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402769747.0000023D7D412000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Bcp47mrm.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8netutils.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8rasadhlp.pdb source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sspicli.pdb source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D899000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shell32.pdb source: firefox.exe, 0000000E.00000003.2389354030.0000023D7D476000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402036316.0000023D7D478000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Bcp47Langs.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8msvcp_win.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8wtsapi32.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8taskschd.pdb source: firefox.exe, 0000000E.00000003.2401208622.0000023D7D81B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2388809211.0000023D7D860000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2412094997.0000023D790BC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dnsapi.pdb source: firefox.exe, 0000000E.00000003.2389199357.0000023D7D6C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: userenv.pdb source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D88A000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.UI.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sechost.pdb0 source: firefox.exe, 0000000E.00000003.2389781693.0000023D7D004000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sspicli.pdbINTEGER source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D899000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nlaapi.pdb source: firefox.exe, 0000000E.00000003.2389199357.0000023D7D6C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8fwpuclnt.pdb source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winhttp.pdb source: firefox.exe, 0000000E.00000003.2372996276.0000023D7E234000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msimg32.pdb source: firefox.exe, 0000000E.00000003.2386562901.0000023D7DEEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2400570583.0000023D7DEFE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000E.00000003.2386757790.0000023D7DEA4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: devobj.pdb source: firefox.exe, 0000000E.00000003.2389199357.0000023D7D6C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d3d11.pdb source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D88A000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2415015142.0000023D790B4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 8advapi32.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.Storage.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 0000000E.00000003.2401837386.0000023D7D623000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbghelp.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8netprofm.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: profapi.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nssckbi.pdbINTEGER source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D899000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: gdi32.pdb source: firefox.exe, 0000000E.00000003.2389354030.0000023D7D476000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402036316.0000023D7D478000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.Globalization.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: avrt.pdb source: firefox.exe, 0000000E.00000003.2386562901.0000023D7DEEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2400570583.0000023D7DEFE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: WLDP.pdb source: firefox.exe, 0000000E.00000003.2389354030.0000023D7D476000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402036316.0000023D7D478000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8directmanipulation.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sechost.pdb source: firefox.exe, 0000000E.00000003.2389781693.0000023D7D071000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8setupapi.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8vcruntime140_1.amd64.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: propsys.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8lgpllibs.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: 8gdi32full.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8vcruntime140.amd64.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winrnr.pdb source: firefox.exe, 0000000E.00000003.2389199357.0000023D7D6C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msctf.pdb source: firefox.exe, 0000000E.00000003.2389199357.0000023D7D6C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: version.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbgcore.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscms.pdb source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D88A000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: user32.pdb source: firefox.exe, 0000000E.00000003.2389354030.0000023D7D476000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402036316.0000023D7D478000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: twinapi.pdb source: firefox.exe, 0000000E.00000003.2389199357.0000023D7D6C3000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8DataExchange.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: 8wintrust.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: psapi.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: firefox.exe, 0000000E.00000003.2403590008.0000023D7C928000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dxgi.pdb source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D88A000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wininet.pdb_id source: firefox.exe, 0000000E.00000003.2388230914.0000023D7D899000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8npmproxy.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8linkinfo.pdb source: firefox.exe, 0000000E.00000003.2401565449.0000023D7D671000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2401208622.0000023D7D81B000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 0000000E.00000003.2403022213.0000023D7D0A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389781693.0000023D7D099000.00000004.00000800.00020000.00000000.sdmp
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008F42DE
Source: gmpopenh264.dll.tmp.14.dr Static PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00910A76 push ecx; ret 0_2_00910A89
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0090F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0090F98E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00981C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00981C41
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-96701
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_00000288DA1D5277 rdtsc 18_2_00000288DA1D5277
Source: C:\Users\user\Desktop\file.exe API coverage: 3.6 %
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0095DBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092C2A2 FindFirstFileExW,0_2_0092C2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009668EE FindFirstFileW,FindClose,0_2_009668EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0096698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0096698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0095D076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0095D3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00969642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00969642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0096979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0096979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00969B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00969B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00965C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00965C97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008F42DE
Source: firefox.exe, 0000000E.00000003.2409795909.0000023D79036000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}d
Source: firefox.exe, 00000010.00000002.3429339724.000002DD4E6FA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW$|
Source: firefox.exe, 00000012.00000002.3436466713.00000288DA310000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/17Z
Source: firefox.exe, 00000010.00000002.3429339724.000002DD4E6FA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3436466713.00000288DA310000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3427407951.00000288D99EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3427219881.000002B6C404A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3435227637.000002B6C4436000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000010.00000002.3435551649.000002DD4EB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000012.00000002.3436466713.00000288DA310000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll*
Source: firefox.exe, 00000010.00000002.3436826007.000002DD4EF40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3436466713.00000288DA310000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_00000288DA1D5277 rdtsc 18_2_00000288DA1D5277
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0096EAA2 BlockInput,0_2_0096EAA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00922622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00922622
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008F42DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00914CE8 mov eax, dword ptr fs:[00000030h] 0_2_00914CE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00950B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00950B62
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00922622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00922622
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0091083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0091083F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009109D5 SetUnhandledExceptionFilter,0_2_009109D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00910C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00910C21
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00951201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00951201
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00932BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00932BA5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0095B226 SendInput,keybd_event,0_2_0095B226
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009722DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_009722DA
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00950B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00950B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00951663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00951663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: firefox.exe, 0000000E.00000003.2358416177.0000023D7FA01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00910698 cpuid 0_2_00910698
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00968195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00968195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0094D27A GetUserNameW,0_2_0094D27A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0092B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_0092B952
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008F42DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00971204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00971204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00971806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00971806
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
[Behavior graph: ID 1542663, Sample: file.exe, Start date: 26/10/2024, Architecture: WINDOWS, Score: 64]

Source | Detection | Scanner | Label | Link
file.exe | 27% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |

No Antivirus matches

Source | Detection | Scanner | Label | Link
star-mini.c10r.facebook.com | 0% | Virustotal | | Browse
example.org | 0% | Virustotal | | Browse
prod.balrog.prod.cloudops.mozgcp.net | 0% | Virustotal | | Browse
prod.classify-client.prod.webservices.mozgcp.net | 0% | Virustotal | | Browse
                                                                          unknown
                                                                          https://www.youtube.com/firefox.exe, 00000013.00000002.3429708905.000002B6C430C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000E.00000003.2289110850.0000023D7C265000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.2433070621.0000023D7D02F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1584464Thefirefox.exe, 0000000E.00000003.2235884865.0000023D7C167000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2396593971.0000023D857AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2339724992.0000023D8575B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2360771899.0000023D8575B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000013.00000002.3429708905.000002B6C43C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                http://127.0.0.1:firefox.exe, 0000000E.00000003.2405398325.0000023D7B459000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2353022948.0000023D83765000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368603785.0000023D83765000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.2289110850.0000023D7C265000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287074951.0000023D8507A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.2290995740.0000023D84847000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2334266066.0000023D84847000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://bugzilla.mofirefox.exe, 0000000E.00000003.2391798987.0000023D7C962000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://mitmdetection.services.mozilla.com/firefox.exe, 0000000E.00000003.2369639663.0000023D7ED99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://amazon.comfirefox.exe, 0000000E.00000003.2332061934.000028830F703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000E.00000003.2358894672.0000023D86091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://shavar.services.mozilla.com/firefox.exe, 0000000E.00000003.2341409170.0000023D860ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.2428448435.0000023D83932000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3429591868.00000288D9C12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3429708905.000002B6C4313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://www.iqiyi.com/firefox.exe, 0000000E.00000003.2236560404.0000023D7F34C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://www.amazon.com/Zfirefox.exe, 0000000E.00000003.2332061934.000028830F703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://merino.services.mozilla.com/api/v1/suggestaboutfirefox.exe, 00000010.00000002.3431202585.000002DD4EA72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000E.00000003.2235884865.0000023D7C167000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000E.00000003.2362879273.0000023D83D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427122291.0000023D83D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2397236016.0000023D83D84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 0000000E.00000003.2406326311.0000023D7B19A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1170143firefox.exe, 0000000E.00000003.2287074951.0000023D8507A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://mozilla.org/MPL/2.0/.firefox.exe, 0000000E.00000003.2370376546.0000023D7ED2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2333943520.0000023D84A7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290995740.0000023D84847000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319243729.0000023D848CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2283337787.0000023D84BE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2334266066.0000023D84847000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2232180152.0000023D839DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239880439.0000023D7D6BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249826327.0000023D848F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2209853292.0000023D7BBA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2376801789.0000023D7BBC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2293069563.0000023D84BE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225329033.0000023D83B04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351284577.0000023D839DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311664041.0000023D850AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368453638.0000023D838D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292314493.0000023D7D7ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236050813.0000023D7F39A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2256510275.0000023D848F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372117434.0000023D7EC2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402036316.0000023D7D4DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://account.bellmedia.cfirefox.exe, 0000000E.00000003.2354872890.0000023D7EC85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370973976.0000023D7EC85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2430825620.0000023D7EC92000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://login.microsoftonline.comfirefox.exe, 0000000E.00000003.2370973976.0000023D7EC98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2430825620.0000023D7EC98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://coverage.mozilla.orgfirefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.14.drfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839firefox.exe, 0000000E.00000003.2238184242.0000023D7D34C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                http://x1.c.lencr.org/0firefox.exe, 0000000E.00000003.2404776126.0000023D7BDD3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                http://x1.i.lencr.org/0firefox.exe, 0000000E.00000003.2404776126.0000023D7BDD3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                http://a9.com/-/spec/opensearch/1.1/firefox.exe, 0000000E.00000003.2362879273.0000023D83D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427122291.0000023D83D84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2397236016.0000023D83D84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000E.00000003.2224242424.0000023D83B23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2225217272.0000023D83B1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://blocked.cdn.mozilla.net/firefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 0000000E.00000003.2350749481.0000023D83A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://json-schema.org/draft/2019-09/schemafirefox.exe, 0000000E.00000003.2348158784.0000023D83D46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362879273.0000023D83D46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2235884865.0000023D7C167000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://profiler.firefox.comfirefox.exe, 00000010.00000002.3429850565.000002DD4E820000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3435448039.00000288DA190000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3435762180.000002B6C4530000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=793869firefox.exe, 0000000E.00000003.2287074951.0000023D8507A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
IP | Domain | Country | ASN | ASN Name | Malicious
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
151.101.129.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
13.32.99.14 | mitmdetection.services.mozilla.com | United States | 16509 | AMAZON-02US | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
157.240.252.35 | star-mini.c10r.facebook.com | United States | 32934 | FACEBOOKUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
                                                                                                          IP
                                                                                                          127.0.0.1
                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                          Analysis ID:1542663
                                                                                                          Start date and time:2024-10-26 05:28:04 +02:00
                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                          Overall analysis duration:0h 7m 14s
                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                          Report type:full
                                                                                                          Cookbook file name:default.jbs
                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                          Number of analysed new started processes analysed:23
                                                                                                          Number of new started drivers analysed:0
                                                                                                          Number of existing processes analysed:0
                                                                                                          Number of existing drivers analysed:0
                                                                                                          Number of injected processes analysed:0
                                                                                                          Technologies:
                                                                                                          • HCA enabled
                                                                                                          • EGA enabled
                                                                                                          • AMSI enabled
                                                                                                          Analysis Mode:default
                                                                                                          Analysis stop reason:Timeout
                                                                                                          Sample name:file.exe
                                                                                                          Detection:MAL
                                                                                                          Classification:mal64.evad.winEXE@34/34@69/13
                                                                                                          EGA Information:
                                                                                                          • Successful, ratio: 50%
                                                                                                          HCA Information:
                                                                                                          • Successful, ratio: 94%
                                                                                                          • Number of executed functions: 38
                                                                                                          • Number of non-executed functions: 309
                                                                                                          Cookbook Comments:
                                                                                                          • Found application associated with file extension: .exe
                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                          • Excluded IPs from analysis (whitelisted): 44.231.229.39, 34.208.54.237, 52.13.186.250, 2.22.61.59, 2.22.61.56, 172.217.18.14, 142.250.186.174, 216.58.206.74, 142.250.186.42
                                                                                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                          • Report size getting too big, too many NtCreateFile calls found.
                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
Time | Type | Description
23:29:13 | API Interceptor | 1x Sleep call for process: firefox.exe modified
                                                                                                                                                                                    • 151.101.129.91
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 151.101.193.91
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 151.101.65.91
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 151.101.193.91
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 151.101.129.91
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 151.101.1.91
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 151.101.65.91
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 151.101.65.91
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 151.101.129.91
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                    • 35.244.181.201
                                                                                                                                                                                    • 34.149.100.209
                                                                                                                                                                                    • 34.160.144.191
                                                                                                                                                                                    • 151.101.129.91
                                                                                                                                                                                    • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Unknown | Browse
file.exe | Get hash | malicious | Unknown | Browse
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7946
                                                                                                                                                                                                        Entropy (8bit):5.175068113630763
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:/BMXAi9cbhbVbTbfbRbObtbyEl7n6rPJA6unSrDtTkdxSof8:/iJcNhnzFSJar21nSrDhkdxw
                                                                                                                                                                                                        MD5:4556608A431EF6106C89499953CAE1AB
                                                                                                                                                                                                        SHA1:04C12E114841539FAEE6C7D0FCE058FA367B475E
                                                                                                                                                                                                        SHA-256:2A73549D2DC9C68081705E74AB18156F0F6BE53C11AEE48F7127179F729FD960
                                                                                                                                                                                                        SHA-512:254C4433524CCDC9D810EA443583478933C319929B25904C40A331C1E1092C55FECCEF2C971623B3CA921053CA622337E1CCB58EE257CB669C33D5C10FD44375
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"type":"uninstall","id":"894c044a-be6f-47ad-8681-9c57d16f1efe","creationDate":"2024-10-26T04:53:43.065Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                        MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                        SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                        SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                        SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):453023
                                                                                                                                                                                                        Entropy (8bit):7.997718157581587
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                        MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                        SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                        SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                        SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4419
                                                                                                                                                                                                        Entropy (8bit):4.934269393345431
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsL8FE8P:gXiNFS+OcUGOdwiOdwBjkYLKE8P
                                                                                                                                                                                                        MD5:9BB7A82A699689D27F6051089E59121F
                                                                                                                                                                                                        SHA1:370FF5F26CF9E717BD353CE31DA71D3E5AE93D4C
                                                                                                                                                                                                        SHA-256:82458B9837E8FC669393FFEFDF819AAE4394E0BD88D51656140970DA405BB40B
                                                                                                                                                                                                        SHA-512:4CFD761470E6BC9C9AC1935C8A7BA7B19145507ECEACF620A58A7D75445615611422831B2A1EDA15B2CF7F411E481E623B89F66E8CD424952D1AB833DA00DD85
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5308
                                                                                                                                                                                                        Entropy (8bit):6.599374203470186
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                        MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                        SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                        SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                        SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24
                                                                                                                                                                                                        Entropy (8bit):3.91829583405449
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                        MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                        SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                        SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                        SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):262144
                                                                                                                                                                                                        Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                        MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                        SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                        SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                        SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):66
                                                                                                                                                                                                        Entropy (8bit):4.837595020998689
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                        MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                        SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                        SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                        SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):36830
                                                                                                                                                                                                        Entropy (8bit):5.185052013683835
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
                                                                                                                                                                                                        MD5:10E2D85FEF0DB266E519048D63617FA8
                                                                                                                                                                                                        SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
                                                                                                                                                                                                        SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
                                                                                                                                                                                                        SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1021904
                                                                                                                                                                                                        Entropy (8bit):6.648417932394748
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                        MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                        SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                        SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                        SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):116
                                                                                                                                                                                                        Entropy (8bit):4.968220104601006
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                        MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                        SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                        SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                        SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                        Entropy (8bit):0.07331609199241627
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zki9n:DLhesh7Owd4+ji9
                                                                                                                                                                                                        MD5:96A4320778E8144FDAADCF5420A99CC1
                                                                                                                                                                                                        SHA1:A5CFA464E84E38A39B6CF127F2D21AFA91E362B6
                                                                                                                                                                                                        SHA-256:8007FFDDA0E40D67B3F8EAC4A36D8E98AF64741442B5B7F8E267F6BAF112489D
                                                                                                                                                                                                        SHA-512:36864BD3B65F67220427905AC94FC86A048E78F55D49B58C5E32810913BFD1F40CDE5F3F3DEF1F87DF576DB4B23EA6577D771604C73F999E1A04D5D88620DC84
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.034673536944145426
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:GtlstF2rG1LdGtlstF2rG1LdXlJ89//alEl:GtWt0rGWtWt0rGHlJ89XuM
                                                                                                                                                                                                        MD5:E72770F5DC9CB1E19BEC7E6CD8BBD3C7
                                                                                                                                                                                                        SHA1:4F687FFDFBD5BD1CABECE947367CA7001590F09C
                                                                                                                                                                                                        SHA-256:CC4D44D2600B0173873A73F0D2CB157094D8B7C69C823EB4C22EB6CF009F3D35
                                                                                                                                                                                                        SHA-512:0A29E9ED77B3FFDED2745585FD89818691EB2661CFBFA1B83A664BD670ADA6AB20B67958CBEBE0D21C7F710F943EFB323EC9B671B4DF118EFE74BC6897C58CAC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32824
                                                                                                                                                                                                        Entropy (8bit):0.035083953161994426
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:Ol1C37JVVvlNUpsGVXHSrV//mwl8XW3R2:KcXVvasGVCpuw93w
                                                                                                                                                                                                        MD5:1744BF4653B8BA799397F541F2590E96
                                                                                                                                                                                                        SHA1:03FE0539EC1CC21AD5E8C23072946FA70F31A2BC
                                                                                                                                                                                                        SHA-256:83F3A5E963A52E2E9EC8F4BC56F9ECE17EDBC736DBB80DADE5DAF55F7A46330D
                                                                                                                                                                                                        SHA-512:9A1E271CA549945A90E04EF420F5BFAB80F578CA37ABD8A464A0BAFF396ABEC0D60C3A45246C4F10157D44B53ECB2DC30289AAFE0999EF1FD83FA0A36F7E21FA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14081
                                                                                                                                                                                                        Entropy (8bit):5.467307148049392
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:TnTFTRRUYbBp6tLZNMGaXp6qU45wzy+/3/7iK85RYiNBw8dnSl:fKeAFNM8SIyCn0dwE0
                                                                                                                                                                                                        MD5:B310BEDCD939CBF567FA3650C84DCD87
                                                                                                                                                                                                        SHA1:2DAD8CA5D2EA0C0AAAB93B3F285AD796DDB6724C
                                                                                                                                                                                                        SHA-256:1D0DA33E34FD6A3A82F6D5C6D551129C43BC9B3B16C57E3E7C1D5C445FD11290
                                                                                                                                                                                                        SHA-512:4D7503575FF4FC46398E27E1038F02124F1F5E8810D5AEB128DF290867CBEB6290D13F7335A4EEF62A5695DBA2F798E1BDB8C111BB91707402BF2093BA28B4C5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1729918393);..user_pref("app.update.lastUpdateTime.background-update-timer", 1729918393);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1729918393);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172991
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                        Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                        MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                        SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                        SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                        SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):90
                                                                                                                                                                                                        Entropy (8bit):4.194538242412464
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                        MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                        SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                        SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                        SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 5761 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1540
                                                                                                                                                                                                        Entropy (8bit):6.343770179814255
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:vHSUG6Y02LXrIg5jpnQGDT5sCIdCPTHVvwKXaUFDhu5JFyOOxmOmaoRhE5Exm:fpSDRpjfFNwCaUKUKRh3I
                                                                                                                                                                                                        MD5:ED2C0D92391644C54BE141A1711DD9AB
                                                                                                                                                                                                        SHA1:7AA2416EAFA8D131002AB81487EDBBCB207386E8
                                                                                                                                                                                                        SHA-256:FBE154CE29E8A8E09FC79748EACCC3228F5CE17C04F9AD19B2F923BFD86C152B
                                                                                                                                                                                                        SHA-512:2BB1A6BDA760C69187F721D73B0B7DDBD2C73F923D124DCE130F41EE1725D044153A172DB305BB638310DDAF6765C9C57E647F27C6AE8FF31C531995B3310308
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://www.facebook.com/video","title)....cacheKey":0,"ID":6,"docshellUU...D"{b40b9347-293a-471a-a99c-88f6cf06e37e}","resultPrincipalURI":null,"hasUserInteract....true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1729918398414,"hidden":false,"searchMode...userContextId...attribut|..{},"index":1...questedI..p0,"imags...chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C....GroupCount":-1,"busy...t...Flags":2167541758P..dth":116....eight":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...W...l...........:..<.1":{..jUpdate...5,"startTim..P62547...centCrash..B0},".....Dcookr. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,..Donly..fexpiry...71143,"originA...."firstPartyDomain":"","geckoViewS.....
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4096
                                                                                                                                                                                                        Entropy (8bit):2.042811512334329
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                        MD5:21235938025E2102017AC8C9748948A4
                                                                                                                                                                                                        SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
                                                                                                                                                                                                        SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
                                                                                                                                                                                                        SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4411
                                                                                                                                                                                                        Entropy (8bit):5.009414065524251
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YrSAYLHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:ycLCTEr5NfJzzcBvbw6Kkvrc2Rn27
                                                                                                                                                                                                        MD5:BD93BB272AAFA1D340400FF81957311C
                                                                                                                                                                                                        SHA1:6DCCBFB39EF8C8A34889DC8C1FBDFBA77FC34DA3
                                                                                                                                                                                                        SHA-256:399B03D16681CE7230ADA0CEFAB4B1F5BE2C06578257221BE29CBAF79E7F34DA
                                                                                                                                                                                                        SHA-512:FBC56F5DD583CF046DAA1B085BF213A36314D8138E15AB5347696DAA1DE36A41FDB5DBE26D6D95CB1D606D1621692A2281D43E8699698D01AD5D3CD8F6A218EF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-26T04:52:56.708Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Entropy (8bit):6.583726432717676
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                        File name:file.exe
                                                                                                                                                                                                        File size:919'040 bytes
                                                                                                                                                                                                        MD5:ee970780c371d5bd42992b92132f5014
                                                                                                                                                                                                        SHA1:47331be4bf096c62689df219bea9ff4e168b5c31
                                                                                                                                                                                                        SHA256:f34be318ce2adf4bfc28a459a9dc6c468f72a8231aaa12845beb68d58f0f5d80
                                                                                                                                                                                                        SHA512:6e9f3c54184866b9e7179e7ab0ba0b29bf934afc837401cc886d317a9e3a53b9df5585a3f8183fee71b8c8d3c60c10aadb6a0d4da011f08ce39c203ce15ad9f7
                                                                                                                                                                                                        SSDEEP:12288:oqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgagT4:oqDEvCTbMWu7rQYlBQcBiT6rprG8a44
                                                                                                                                                                                                        TLSH:B1159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13A81DB9BE701B1563E7A3
                                                                                                                                                                                                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                        Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                        Entrypoint:0x420577
                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                        Time Stamp:0x671C6134 [Sat Oct 26 03:25:40 2024 UTC]
                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                                                        Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                        call 00007FC3D5525713h
                                                                                                                                                                                                        jmp 00007FC3D552501Fh
                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                        push esi
                                                                                                                                                                                                        push dword ptr [ebp+08h]
                                                                                                                                                                                                        mov esi, ecx
                                                                                                                                                                                                        call 00007FC3D55251FDh
                                                                                                                                                                                                        mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                        mov eax, esi
                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                        pop ebp
                                                                                                                                                                                                        retn 0004h
                                                                                                                                                                                                        and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                        mov eax, ecx
                                                                                                                                                                                                        and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                        mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                        mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                        ret
                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                        push esi
                                                                                                                                                                                                        push dword ptr [ebp+08h]
                                                                                                                                                                                                        mov esi, ecx
                                                                                                                                                                                                        call 00007FC3D55251CAh
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9bf4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x9bf4 | 0x9c00 | 24a60e65f198832a219e977b746382ed | False | 0.31823417467948717 | data | 5.33094318200871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc7b8 | 0xebc | data | | | 1.002916224814422 |
| RT_GROUP_ICON | 0xdd674 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xdd6ec | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xdd700 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xdd714 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xdd728 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0xdd804 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                        WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                                                                                                                                                        VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                                                                                                                                        WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                        COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                                                                                                                                                        MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                                                                                                                                                        WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                                                                                                                                                        PSAPI.DLLGetProcessMemoryInfo
                                                                                                                                                                                                        IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                                                                                                                                                        USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                                                                                                                                                        UxTheme.dllIsThemeActive
                                                                                                                                                                                                        KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, 
GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                                                                                                                                                                                                        USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, 
CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll: EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.415491104 CEST4434974634.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.419493914 CEST49746443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.422702074 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.425046921 CEST49746443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.425064087 CEST4434974634.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.425117016 CEST49746443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.425482988 CEST4434974634.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.426109076 CEST49746443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.426402092 CEST4973180192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.428071022 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.430313110 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.430516958 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.433115005 CEST804973134.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.433176994 CEST4973180192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.435877085 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.501467943 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.507069111 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.514288902 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.514477015 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.515516043 CEST49757443192.168.2.613.32.99.14
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.515558004 CEST4434975713.32.99.14192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.516300917 CEST49757443192.168.2.613.32.99.14
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.517913103 CEST49757443192.168.2.613.32.99.14
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.517932892 CEST4434975713.32.99.14192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.519998074 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.590394974 CEST4434974734.160.144.191192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.593048096 CEST49747443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.595998049 CEST49747443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.596004963 CEST4434974734.160.144.191192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.596400023 CEST4434974734.160.144.191192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.597974062 CEST49747443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.598097086 CEST49747443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.598340988 CEST4434974734.160.144.191192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.598505974 CEST49758443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.598545074 CEST4434975834.160.144.191192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.599463940 CEST49747443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.599481106 CEST49747443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.599539042 CEST49758443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.599711895 CEST49758443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.599730968 CEST4434975834.160.144.191192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.987752914 CEST4434975334.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.987899065 CEST49753443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.993267059 CEST49753443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.993267059 CEST49753443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.993279934 CEST4434975334.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.993449926 CEST4434975334.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.993571043 CEST49753443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.045058966 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.090236902 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.124620914 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.174925089 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.221314907 CEST4434975834.160.144.191192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.221432924 CEST49758443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.229341984 CEST49758443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.229346991 CEST4434975834.160.144.191192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.229711056 CEST4434975834.160.144.191192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.232197046 CEST49758443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.232295990 CEST49758443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.232352018 CEST4434975834.160.144.191192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.232465029 CEST49758443192.168.2.634.160.144.191
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.371066093 CEST4434975713.32.99.14192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.375355005 CEST4434975713.32.99.14192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.375852108 CEST49757443192.168.2.613.32.99.14
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.380215883 CEST49757443192.168.2.613.32.99.14
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.380228996 CEST4434975713.32.99.14192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.380306005 CEST49757443192.168.2.613.32.99.14
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.380445004 CEST4434975713.32.99.14192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.380562067 CEST49757443192.168.2.613.32.99.14
                                                                                                                                                                                                        Oct 26, 2024 05:29:12.704823971 CEST49776443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:12.704858065 CEST4434977634.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:12.705404043 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:12.709211111 CEST49776443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:12.710764885 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:12.710925102 CEST49776443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:12.710944891 CEST4434977634.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:12.838854074 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:12.893001080 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.310108900 CEST4434977634.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.310189009 CEST49776443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.314702034 CEST49776443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.314716101 CEST4434977634.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.314785957 CEST49776443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.314857006 CEST4434977634.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.316597939 CEST49776443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.339459896 CEST49781443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.339515924 CEST4434978134.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.340050936 CEST49781443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.341828108 CEST49781443192.168.2.634.117.188.166
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.341860056 CEST4434978134.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.467181921 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.472599983 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.606992006 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.613112926 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.618465900 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.663079023 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.686923981 CEST49785443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.686975002 CEST4434978534.107.243.93192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.687283993 CEST49785443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.688764095 CEST49785443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.688793898 CEST4434978534.107.243.93192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.742023945 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.794686079 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.961848021 CEST4434978134.117.188.166192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.024049044 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.024791002 CEST49848443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.024820089 CEST4434984834.107.243.93192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.025163889 CEST49848443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.026586056 CEST49848443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.026599884 CEST4434984834.107.243.93192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.159708023 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.224071980 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.653312922 CEST4434984834.107.243.93192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.655402899 CEST49848443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:24.596957922 CEST49848443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:24.596987963 CEST4434984834.107.243.93192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:24.597054005 CEST49848443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:24.597239971 CEST4434984834.107.243.93192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:24.597434998 CEST49848443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785238028 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.790555954 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.913608074 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.963213921 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.979331970 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.984603882 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:26.108263016 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:26.163775921 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.257702112 CEST49906443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.257757902 CEST4434990635.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.260442972 CEST49906443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.260443926 CEST49906443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.260493994 CEST4434990635.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.264954090 CEST49907443192.168.2.634.149.100.209
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.264976978 CEST4434990734.149.100.209192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.265209913 CEST49907443192.168.2.634.149.100.209
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.265332937 CEST49907443192.168.2.634.149.100.209
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.265347958 CEST4434990734.149.100.209192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.268222094 CEST49908443192.168.2.6151.101.129.91
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.268258095 CEST44349908151.101.129.91192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.268443108 CEST49908443192.168.2.6151.101.129.91
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.268580914 CEST49908443192.168.2.6151.101.129.91
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.268603086 CEST44349908151.101.129.91192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.792598963 CEST49914443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.792655945 CEST4434991434.107.243.93192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.792994976 CEST49914443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.794598103 CEST49914443192.168.2.634.107.243.93
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.794630051 CEST4434991434.107.243.93192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.815725088 CEST49915443192.168.2.635.190.72.216
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.815788984 CEST4434991535.190.72.216192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.821191072 CEST49915443192.168.2.635.190.72.216
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.822735071 CEST49915443192.168.2.635.190.72.216
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.822763920 CEST4434991535.190.72.216192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.841698885 CEST49916443192.168.2.635.201.103.21
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.841739893 CEST4434991635.201.103.21192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.849414110 CEST49916443192.168.2.635.201.103.21
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.850929022 CEST49916443192.168.2.635.201.103.21
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.850944996 CEST4434991635.201.103.21192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.873665094 CEST4434990734.149.100.209192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.873754978 CEST49907443192.168.2.634.149.100.209
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.876976967 CEST49907443192.168.2.634.149.100.209
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.876985073 CEST4434990734.149.100.209192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.877325058 CEST4434990734.149.100.209192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.881757975 CEST49907443192.168.2.634.149.100.209
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.881850004 CEST49907443192.168.2.634.149.100.209
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.881968021 CEST4434990734.149.100.209192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.882642031 CEST49907443192.168.2.634.149.100.209
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.884676933 CEST4434990635.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.890505075 CEST49906443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.893837929 CEST49906443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.893851042 CEST4434990635.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.894172907 CEST4434990635.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.901750088 CEST49906443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.901750088 CEST49906443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.901957035 CEST4434990635.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.903539896 CEST49906443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.905271053 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.912599087 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.922612906 CEST44349908151.101.129.91192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.922786951 CEST49908443192.168.2.6151.101.129.91
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.926029921 CEST49908443192.168.2.6151.101.129.91
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.926048994 CEST44349908151.101.129.91192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.926438093 CEST44349908151.101.129.91192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.928199053 CEST49908443192.168.2.6151.101.129.91
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.928267002 CEST49908443192.168.2.6151.101.129.91
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.928386927 CEST44349908151.101.129.91192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.935338974 CEST44349908151.101.129.91192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.935559988 CEST49908443192.168.2.6151.101.129.91
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.935559988 CEST49908443192.168.2.6151.101.129.91
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.935599089 CEST49908443192.168.2.6151.101.129.91
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.937021017 CEST49917443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.937038898 CEST4434991735.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.938843966 CEST49918443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.938869953 CEST4434991835.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.939848900 CEST49917443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.940006018 CEST49917443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.940006971 CEST49918443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.940017939 CEST4434991735.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.940226078 CEST49918443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.940238953 CEST4434991835.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.941361904 CEST49919443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.941369057 CEST4434991935.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.941725016 CEST49919443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.941890955 CEST49919443192.168.2.635.244.181.201
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.941900969 CEST4434991935.244.181.201192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.035541058 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.043389082 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.048784018 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.302947998 CEST50035443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.302948952 CEST50035443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.302994013 CEST4435003534.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.328082085 CEST50036443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.328167915 CEST4435003634.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.328237057 CEST50037443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.328269958 CEST4435003734.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.328381062 CEST50038443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.328403950 CEST4435003834.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.328501940 CEST50039443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.328511953 CEST4435003934.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343455076 CEST50036443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343465090 CEST50037443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343465090 CEST50039443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343508959 CEST50038443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343679905 CEST50036443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343715906 CEST4435003634.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343799114 CEST50039443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343813896 CEST4435003934.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343911886 CEST50038443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343940020 CEST4435003834.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343956947 CEST50037443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.343970060 CEST4435003734.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.925769091 CEST4435003434.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.926193953 CEST50034443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.929893017 CEST50034443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.929922104 CEST4435003434.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.930258036 CEST4435003434.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.933166027 CEST50034443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.933296919 CEST50034443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.933351994 CEST4435003434.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.933829069 CEST50040443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.933854103 CEST4435004034.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.934221983 CEST50034443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.934248924 CEST50040443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.934457064 CEST50040443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.934469938 CEST4435004034.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.940645933 CEST4435003534.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.940752983 CEST50035443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.943717957 CEST50035443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.943727970 CEST4435003534.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.944485903 CEST4435003534.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.946573973 CEST50035443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.946670055 CEST50035443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.946758032 CEST4435003534.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.947104931 CEST50041443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.947148085 CEST4435004134.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.947288990 CEST50035443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.947323084 CEST50041443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.947436094 CEST50041443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.947449923 CEST4435004134.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.960336924 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.964972973 CEST4435003834.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.964983940 CEST4435003834.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.965106010 CEST50038443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.965727091 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.967700958 CEST4435003634.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.967729092 CEST4435003634.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.968080044 CEST50038443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.968106031 CEST4435003834.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.968332052 CEST4435003834.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.969965935 CEST4435003734.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.970012903 CEST4435003734.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.970477104 CEST50038443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.970556021 CEST50038443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.970607042 CEST4435003834.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.971749067 CEST50038443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.971765995 CEST50038443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.971786022 CEST50036443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.971786022 CEST50037443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.974716902 CEST50036443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.974723101 CEST4435003634.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.975038052 CEST4435003634.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.977746964 CEST50037443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.977756977 CEST4435003734.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.978651047 CEST4435003734.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.981704950 CEST50036443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.981801987 CEST50036443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.981878996 CEST4435003634.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.982387066 CEST50037443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.982465982 CEST50037443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.982794046 CEST4435003734.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.992008924 CEST50037443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.992023945 CEST50036443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.992032051 CEST50037443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.131674051 CEST804975634.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.177103043 CEST4975680192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.231436014 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.236898899 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.359875917 CEST804975534.107.221.82192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.406353951 CEST4975580192.168.2.634.107.221.82
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.564944983 CEST4435004034.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.565031052 CEST50040443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.568164110 CEST4435004134.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.568330050 CEST50041443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.568437099 CEST50040443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.568443060 CEST4435004034.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.568856001 CEST4435004034.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.570874929 CEST50041443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.570883989 CEST4435004134.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.571924925 CEST4435004134.120.208.123192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.574677944 CEST50040443192.168.2.634.120.208.123
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.574825048 CEST50040443192.168.2.634.120.208.123
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                        Oct 26, 2024 05:29:14.022722006 CEST5801653192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:14.029671907 CEST53580161.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:14.032871008 CEST5789753192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:14.040189981 CEST53578971.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:14.041404009 CEST5896253192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:14.048825026 CEST53589621.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:18.565196991 CEST5270153192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:18.572545052 CEST53527011.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.025927067 CEST6261953192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.033292055 CEST53626191.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.778374910 CEST6298453192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.778853893 CEST5583453192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.779412985 CEST4999653192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST53629841.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785861969 CEST53558341.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.786655903 CEST5542953192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.786922932 CEST53499961.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.787033081 CEST5685153192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.787592888 CEST5160153192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST53554291.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794611931 CEST53568511.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794728041 CEST5258753192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.795099974 CEST5249753192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.795131922 CEST53516011.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.795500994 CEST5276153192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.802201033 CEST53525871.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.802668095 CEST53524971.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.802746058 CEST5867953192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.803415060 CEST53527611.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.810113907 CEST53586791.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.846232891 CEST5646553192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.853888035 CEST53564651.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.854547024 CEST5151553192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.861701965 CEST53515151.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.257586956 CEST5374753192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.259556055 CEST5062553192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.265077114 CEST53537471.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.265881062 CEST5594953192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.267332077 CEST53506251.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.268330097 CEST5712953192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.273417950 CEST53559491.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.275557995 CEST53571291.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.276082039 CEST6186653192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.283684969 CEST53618661.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.792867899 CEST5491753192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.800003052 CEST53549171.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.824117899 CEST5684953192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.834410906 CEST53568491.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.842325926 CEST5213953192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.851322889 CEST53521391.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.856003046 CEST6440753192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.864777088 CEST53644071.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:56.422818899 CEST6474553192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:56.430191040 CEST53647451.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:56.431319952 CEST6299653192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:29:56.439302921 CEST53629961.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:29:57.041682959 CEST5460553192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.301994085 CEST5829553192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.309076071 CEST53582951.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.318001986 CEST5775853192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.325305939 CEST53577581.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:37.365767002 CEST6331453192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:30:37.377473116 CEST53633141.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:37.378137112 CEST5268553192.168.2.61.1.1.1
                                                                                                                                                                                                        Oct 26, 2024 05:30:37.385370970 CEST53526851.1.1.1192.168.2.6
                                                                                                                                                                                                        Oct 26, 2024 05:30:39.959203959 CEST5807053192.168.2.61.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 26, 2024 05:29:06.791989088 CEST | 192.168.2.6 | 1.1.1.1 | 0x3256 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:06.858745098 CEST | 192.168.2.6 | 1.1.1.1 | 0x4f97 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:07.218497038 CEST | 192.168.2.6 | 1.1.1.1 | 0x9cd0 | Standard query (0) | www.facebook.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:07.221122980 CEST | 192.168.2.6 | 1.1.1.1 | 0x6b38 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:07.230000019 CEST | 192.168.2.6 | 1.1.1.1 | 0x7998 | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:07.230981112 CEST | 192.168.2.6 | 1.1.1.1 | 0x7920 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:07.238676071 CEST | 192.168.2.6 | 1.1.1.1 | 0x7315 | Standard query (0) | star-mini.c10r.facebook.com | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:07.239182949 CEST | 192.168.2.6 | 1.1.1.1 | 0x9c7f | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:08.107271910 CEST | 192.168.2.6 | 1.1.1.1 | 0x27c5 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:08.150217056 CEST | 192.168.2.6 | 1.1.1.1 | 0x62ff | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:08.151076078 CEST | 192.168.2.6 | 1.1.1.1 | 0xd877 | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:08.170334101 CEST | 192.168.2.6 | 1.1.1.1 | 0x1299 | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:08.178284883 CEST | 192.168.2.6 | 1.1.1.1 | 0x437d | Standard query (0) | contile.services.mozilla.com | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:08.704457998 CEST | 192.168.2.6 | 1.1.1.1 | 0xd43b | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:08.705559969 CEST | 192.168.2.6 | 1.1.1.1 | 0x560e | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:08.715481997 CEST | 192.168.2.6 | 1.1.1.1 | 0x3d0e | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:08.718935013 CEST | 192.168.2.6 | 1.1.1.1 | 0xc2f4 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:08.729374886 CEST | 192.168.2.6 | 1.1.1.1 | 0x9a9b | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:08.741244078 CEST | 192.168.2.6 | 1.1.1.1 | 0x280e | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:08.937649012 CEST | 192.168.2.6 | 1.1.1.1 | 0xb09a | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:08.951112986 CEST | 192.168.2.6 | 1.1.1.1 | 0xf2ea | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:08.959041119 CEST | 192.168.2.6 | 1.1.1.1 | 0xb9ea | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:09.489861012 CEST | 192.168.2.6 | 1.1.1.1 | 0x1a45 | Standard query (0) | mitmdetection.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:09.515633106 CEST | 192.168.2.6 | 1.1.1.1 | 0x9cc0 | Standard query (0) | mitmdetection.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:09.530934095 CEST | 192.168.2.6 | 1.1.1.1 | 0x5eba | Standard query (0) | mitmdetection.services.mozilla.com | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:12.716818094 CEST | 192.168.2.6 | 1.1.1.1 | 0x7d13 | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:12.735843897 CEST | 192.168.2.6 | 1.1.1.1 | 0xe564 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:12.757056952 CEST | 192.168.2.6 | 1.1.1.1 | 0xc0d7 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:13.610491991 CEST | 192.168.2.6 | 1.1.1.1 | 0xe96 | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:13.660940886 CEST | 192.168.2.6 | 1.1.1.1 | 0x81e9 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:13.669348955 CEST | 192.168.2.6 | 1.1.1.1 | 0x8f38 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:13.677423954 CEST | 192.168.2.6 | 1.1.1.1 | 0xb3c9 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:13.975328922 CEST | 192.168.2.6 | 1.1.1.1 | 0x1714 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:13.976155996 CEST | 192.168.2.6 | 1.1.1.1 | 0x82cb | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:13.986105919 CEST | 192.168.2.6 | 1.1.1.1 | 0x2ad3 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:14.022722006 CEST | 192.168.2.6 | 1.1.1.1 | 0x4cac | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:14.032871008 CEST | 192.168.2.6 | 1.1.1.1 | 0xe5a4 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:14.041404009 CEST | 192.168.2.6 | 1.1.1.1 | 0x6e88 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:18.565196991 CEST | 192.168.2.6 | 1.1.1.1 | 0x2807 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:23.025927067 CEST | 192.168.2.6 | 1.1.1.1 | 0x9f64 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Oct 26, 2024 05:29:25.778374910 CEST | 192.168.2.6 | 1.1.1.1 | 0x894c | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:25.778853893 CEST | 192.168.2.6 | 1.1.1.1 | 0x629e | Standard query (0) | www.wikipedia.org | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:25.779412985 CEST | 192.168.2.6 | 1.1.1.1 | 0x7160 | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 05:29:25.786655903 CEST | 192.168.2.6 | 1.1.1.1 | 0xcce7 | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.787033081 CEST192.168.2.61.1.1.10xc31dStandard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.787592888 CEST192.168.2.61.1.1.10x9a47Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794728041 CEST192.168.2.61.1.1.10xd06dStandard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.795099974 CEST192.168.2.61.1.1.10x6b7fStandard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.795500994 CEST192.168.2.61.1.1.10xc643Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.802746058 CEST192.168.2.61.1.1.10x20cStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.846232891 CEST192.168.2.61.1.1.10x5556Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.854547024 CEST192.168.2.61.1.1.10x3b04Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.257586956 CEST192.168.2.61.1.1.10x5bc7Standard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.259556055 CEST192.168.2.61.1.1.10x39c3Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.265881062 CEST192.168.2.61.1.1.10x12fbStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.268330097 CEST192.168.2.61.1.1.10x37bbStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.276082039 CEST192.168.2.61.1.1.10x8c3Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.792867899 CEST192.168.2.61.1.1.10xb0d3Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.824117899 CEST192.168.2.61.1.1.10x95e6Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.842325926 CEST192.168.2.61.1.1.10xc1e5Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.856003046 CEST192.168.2.61.1.1.10x1926Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:56.422818899 CEST192.168.2.61.1.1.10x9de4Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:56.431319952 CEST192.168.2.61.1.1.10x9a70Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:57.041682959 CEST192.168.2.61.1.1.10x4eeaStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.301994085 CEST192.168.2.61.1.1.10x963dStandard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.318001986 CEST192.168.2.61.1.1.10x2c81Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:30:37.365767002 CEST192.168.2.61.1.1.10xfde5Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:30:37.378137112 CEST192.168.2.61.1.1.10x31edStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:30:39.959203959 CEST192.168.2.61.1.1.10x606eStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST1.1.1.1192.168.2.60x894cNo error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST1.1.1.1192.168.2.60x894cNo error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST1.1.1.1192.168.2.60x894cNo error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST1.1.1.1192.168.2.60x894cNo error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST1.1.1.1192.168.2.60x894cNo error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST1.1.1.1192.168.2.60x894cNo error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST1.1.1.1192.168.2.60x894cNo error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST1.1.1.1192.168.2.60x894cNo error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST1.1.1.1192.168.2.60x894cNo error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785816908 CEST1.1.1.1192.168.2.60x894cNo error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785861969 CEST1.1.1.1192.168.2.60x629eNo error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785861969 CEST1.1.1.1192.168.2.60x629eNo error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.786922932 CEST1.1.1.1192.168.2.60x7160No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.786922932 CEST1.1.1.1192.168.2.60x7160No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.786922932 CEST1.1.1.1192.168.2.60x7160No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.786922932 CEST1.1.1.1192.168.2.60x7160No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.786922932 CEST1.1.1.1192.168.2.60x7160No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794199944 CEST1.1.1.1192.168.2.60xcce7No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.794611931 CEST1.1.1.1192.168.2.60xc31dNo error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.795131922 CEST1.1.1.1192.168.2.60x9a47No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.795131922 CEST1.1.1.1192.168.2.60x9a47No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.795131922 CEST1.1.1.1192.168.2.60x9a47No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.795131922 CEST1.1.1.1192.168.2.60x9a47No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.802201033 CEST1.1.1.1192.168.2.60xd06dNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.802201033 CEST1.1.1.1192.168.2.60xd06dNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.802201033 CEST1.1.1.1192.168.2.60xd06dNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.802201033 CEST1.1.1.1192.168.2.60xd06dNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.802668095 CEST1.1.1.1192.168.2.60x6b7fNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.810113907 CEST1.1.1.1192.168.2.60x20cNo error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.853888035 CEST1.1.1.1192.168.2.60x5556No error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.265077114 CEST1.1.1.1192.168.2.60x5bc7No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.267332077 CEST1.1.1.1192.168.2.60x39c3No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.267332077 CEST1.1.1.1192.168.2.60x39c3No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.267332077 CEST1.1.1.1192.168.2.60x39c3No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.267332077 CEST1.1.1.1192.168.2.60x39c3No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.275557995 CEST1.1.1.1192.168.2.60x37bbNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.275557995 CEST1.1.1.1192.168.2.60x37bbNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.275557995 CEST1.1.1.1192.168.2.60x37bbNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.275557995 CEST1.1.1.1192.168.2.60x37bbNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.834410906 CEST1.1.1.1192.168.2.60x95e6No error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.834410906 CEST1.1.1.1192.168.2.60x95e6No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.851322889 CEST1.1.1.1192.168.2.60xc1e5No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.616506100 CEST1.1.1.1192.168.2.60x7d02No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.616506100 CEST1.1.1.1192.168.2.60x7d02No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:56.430191040 CEST1.1.1.1192.168.2.60x9de4No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:57.049086094 CEST1.1.1.1192.168.2.60x4eeaNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:29:57.049086094 CEST1.1.1.1192.168.2.60x4eeaNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.308696032 CEST1.1.1.1192.168.2.60x3442No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:30:05.309076071 CEST1.1.1.1192.168.2.60x963dNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:30:37.377473116 CEST1.1.1.1192.168.2.60xfde5No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:30:39.966708899 CEST1.1.1.1192.168.2.60x606eNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Oct 26, 2024 05:30:39.966708899 CEST1.1.1.1192.168.2.60x606eNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                        • detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49731 | 34.107.221.82 | 80 | 5708 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 05:29:07.462899923 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
Oct 26, 2024 05:29:08.066818953 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48770
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 26, 2024 05:29:08.937613964 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
Oct 26, 2024 05:29:09.060842991 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48771
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49745 | 34.107.221.82 | 80 | 5708 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 05:29:08.733179092 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49755 | 34.107.221.82 | 80 | 5708 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 05:29:09.430516958 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
Oct 26, 2024 05:29:10.045058966 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65211
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
Oct 26, 2024 05:29:12.705404043 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
Oct 26, 2024 05:29:12.838854074 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65214
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
Oct 26, 2024 05:29:13.613112926 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
Oct 26, 2024 05:29:13.742023945 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65215
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
Oct 26, 2024 05:29:17.472265005 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
Oct 26, 2024 05:29:17.606077909 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65219
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
Oct 26, 2024 05:29:18.508219957 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
Oct 26, 2024 05:29:18.636951923 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65220
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
Oct 26, 2024 05:29:19.171751976 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
Oct 26, 2024 05:29:19.300359011 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65221
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.018564939 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:29:23.159708023 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65225
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.979331970 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:29:26.108263016 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65228
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.043389082 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.172233105 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65238
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.546082973 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.674149036 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65238
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.693643093 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.821947098 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65238
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:29:37.290759087 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:29:37.423460007 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65239
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:29:38.344290972 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:29:38.487566948 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65240
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:29:48.495471001 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:29:57.174787045 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:29:57.303411961 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65259
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:29:59.750117064 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:29:59.878618956 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65261
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.231436014 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.359875917 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65268
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.751872063 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.880306005 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65268
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:30:16.902868986 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:30:26.916851997 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:30:36.929999113 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:30:40.103004932 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Oct 26, 2024 05:30:40.231822014 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 09:22:18 GMT
                                                                                                                                                                                                        Age: 65302
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                        Oct 26, 2024 05:30:50.246623039 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:31:00.259356022 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:31:10.268728971 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:


                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                        3 | 192.168.2.6 | 49756 | 34.107.221.82 | 80 | 5708 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                        Oct 26, 2024 05:29:09.514477015 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Oct 26, 2024 05:29:10.124620914 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48772
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.467181921 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Oct 26, 2024 05:29:13.606992006 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48775
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                        Oct 26, 2024 05:29:14.019357920 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Oct 26, 2024 05:29:14.147233009 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48776
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                        Oct 26, 2024 05:29:17.637301922 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Oct 26, 2024 05:29:17.765292883 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48779
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                        Oct 26, 2024 05:29:18.518702030 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Oct 26, 2024 05:29:18.646532059 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48780
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                        Oct 26, 2024 05:29:20.790965080 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Oct 26, 2024 05:29:20.919475079 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48782
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.785238028 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Oct 26, 2024 05:29:25.913608074 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48787
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                        Oct 26, 2024 05:29:35.905271053 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Oct 26, 2024 05:29:36.035541058 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48797
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 26, 2024 05:29:36.411705017 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
Oct 26, 2024 05:29:36.539839029 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48798
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 26, 2024 05:29:36.557734966 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
Oct 26, 2024 05:29:36.690713882 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48798
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 26, 2024 05:29:37.158878088 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
Oct 26, 2024 05:29:37.286781073 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48799
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 26, 2024 05:29:38.208064079 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
Oct 26, 2024 05:29:38.340681076 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48800
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 26, 2024 05:29:48.341773987 CEST 6 OUT Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
Oct 26, 2024 05:29:57.041363955 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
Oct 26, 2024 05:29:57.171452045 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48819
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 26, 2024 05:29:59.598453045 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
Oct 26, 2024 05:29:59.746617079 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48821
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 26, 2024 05:30:05.960336924 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
Oct 26, 2024 05:30:06.131674051 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48828
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.578648090 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Oct 26, 2024 05:30:06.748733997 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48828
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                        Oct 26, 2024 05:30:16.766799927 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:30:26.800952911 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:30:36.807568073 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:30:39.958942890 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Oct 26, 2024 05:30:40.087172031 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                        Date: Fri, 25 Oct 2024 13:56:18 GMT
                                                                                                                                                                                                        Age: 48862
                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                        Oct 26, 2024 05:30:50.115123987 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:31:00.127669096 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                        Oct 26, 2024 05:31:10.146322012 CEST | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                        Data Ascii:


                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:23:29:00
                                                                                                                                                                                                        Start date:25/10/2024
                                                                                                                                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                        Imagebase:0x8f0000
                                                                                                                                                                                                        File size:919'040 bytes
                                                                                                                                                                                                        MD5 hash:EE970780C371D5BD42992B92132F5014
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                        Start time:23:29:00
                                                                                                                                                                                                        Start date:25/10/2024
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                        Imagebase:0x130000
                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                        Start time:23:29:00
                                                                                                                                                                                                        Start date:25/10/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                        Start time:23:29:02
                                                                                                                                                                                                        Start date:25/10/2024
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                        Imagebase:0x130000
                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                        Start time:23:29:02
                                                                                                                                                                                                        Start date:25/10/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

Target ID:6
Start time:23:29:02
Start date:25/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0x130000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:23:29:02
Start date:25/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:23:29:03
Start date:25/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0x130000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:23:29:03
Start date:25/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:23:29:03
Start date:25/10/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0x130000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:23:29:03
Start date:25/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:23:29:03
Start date:25/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://www.facebook.com/video" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:23:29:03
Start date:25/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.facebook.com/video --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:23:29:03
Start date:25/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://www.facebook.com/video --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:23:29:04
Start date:25/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2236 -prefMapHandle 2172 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb4349ab-a9f6-42ff-bb2a-dd2e53f43512} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" 23d6b76eb10 socket
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:18
Start time:23:29:06
Start date:25/10/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4564 -parentBuildID 20230927232528 -prefsHandle 4548 -prefMapHandle 4544 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {718ad585-42aa-4e4e-ba2f-5467c54e1ea4} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" 23d7cec2610 rdd
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                        Start time:23:29:13
                                                                                                                                                                                                        Start date:25/10/2024
                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5076 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3724 -prefMapHandle 3760 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45b68f86-3d73-4504-b757-55b95ea6c02a} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" 23d858c2710 utility
                                                                                                                                                                                                        Imagebase:0x7ff728280000
                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:false

Execution Graph

Execution Coverage:1.9%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.7%
Total number of Nodes:1485
Total number of Limit Nodes:60
96151->96162 96218 9001e0 348 API calls 2 library calls 96151->96218 96219 9006a0 41 API calls messages 96151->96219 96154->96151 96156->96151 96157->96144 96157->96155 96159 944bdc 96157->96159 96158->96151 96225 96359c 82 API calls __wsopen_s 96159->96225 96161->96151 96162->96151 96164 9017b0 96163->96164 96165 901376 96163->96165 96256 910242 5 API calls __Init_thread_wait 96164->96256 96166 901390 96165->96166 96167 946331 96165->96167 96170 901940 9 API calls 96166->96170 96171 94633d 96167->96171 96266 97709c 348 API calls 96167->96266 96169 9017ba 96173 9017fb 96169->96173 96257 8f9cb3 96169->96257 96174 9013a0 96170->96174 96171->96151 96178 946346 96173->96178 96180 90182c 96173->96180 96176 901940 9 API calls 96174->96176 96177 9013b6 96176->96177 96177->96173 96179 9013ec 96177->96179 96267 96359c 82 API calls __wsopen_s 96178->96267 96179->96178 96203 901408 __fread_nolock 96179->96203 96182 8faceb 23 API calls 96180->96182 96183 901839 96182->96183 96264 90d217 348 API calls 96183->96264 96184 9017d4 96263 9101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96184->96263 96187 94636e 96268 96359c 82 API calls __wsopen_s 96187->96268 96188 90152f 96190 9463d1 96188->96190 96191 90153c 96188->96191 96270 975745 54 API calls _wcslen 96190->96270 96193 901940 9 API calls 96191->96193 96195 901549 96193->96195 96194 90fddb 22 API calls 96194->96203 96199 901940 9 API calls 96195->96199 96202 9015c7 messages 96195->96202 96196 901872 96265 90faeb 23 API calls 96196->96265 96197 90fe0b 22 API calls 96197->96203 96206 901563 96199->96206 96200 90171d 96200->96151 96202->96196 96205 90167b messages 96202->96205 96207 901940 9 API calls 96202->96207 96227 90f645 96202->96227 96234 97a2ea 96202->96234 96239 965c5a 96202->96239 96244 97ab67 96202->96244 96247 97abf7 96202->96247 96252 981591 96202->96252 96272 96359c 82 API calls __wsopen_s 96202->96272 96203->96183 96203->96187 96203->96188 96203->96194 96203->96197 96203->96202 96204 8fec40 348 
API calls 96203->96204 96208 9463b2 96203->96208 96204->96203 96205->96200 96255 90ce17 22 API calls messages 96205->96255 96206->96202 96271 8fa8c7 22 API calls __fread_nolock 96206->96271 96207->96202 96269 96359c 82 API calls __wsopen_s 96208->96269 96218->96151 96219->96151 96220->96155 96221->96155 96222->96155 96223->96155 96224->96155 96225->96140 96226->96155 96273 8fb567 96227->96273 96229 90f659 96230 90f661 timeGetTime 96229->96230 96231 94f2dc Sleep 96229->96231 96232 8fb567 39 API calls 96230->96232 96233 90f677 96232->96233 96233->96202 96279 8f7510 96234->96279 96238 97a315 96238->96202 96240 8f7510 53 API calls 96239->96240 96241 965c6d 96240->96241 96327 95dbbe lstrlenW 96241->96327 96243 965c77 96243->96202 96332 97aff9 96244->96332 96248 97aff9 217 API calls 96247->96248 96250 97ac0c 96248->96250 96249 97ac54 96249->96202 96250->96249 96251 8faceb 23 API calls 96250->96251 96251->96249 96454 982ad8 96252->96454 96254 98159f 96254->96202 96255->96205 96256->96169 96258 8f9cc2 _wcslen 96257->96258 96259 90fe0b 22 API calls 96258->96259 96260 8f9cea __fread_nolock 96259->96260 96261 90fddb 22 API calls 96260->96261 96262 8f9d00 96261->96262 96262->96184 96263->96173 96264->96196 96265->96196 96266->96171 96267->96202 96268->96202 96269->96202 96270->96206 96271->96202 96272->96202 96274 8fb578 96273->96274 96275 8fb57f 96273->96275 96274->96275 96278 9162d1 39 API calls _strftime 96274->96278 96275->96229 96277 8fb5c2 96277->96229 96278->96277 96280 8f7525 96279->96280 96296 8f7522 96279->96296 96281 8f752d 96280->96281 96282 8f755b 96280->96282 96312 9151c6 26 API calls 96281->96312 96285 8f756d 96282->96285 96291 9350f6 96282->96291 96293 93500f 96282->96293 96313 90fb21 51 API calls 96285->96313 96286 93510e 96286->96286 96289 90fddb 22 API calls 96292 8f7547 96289->96292 96290 8f753d 96290->96289 96315 915183 26 API calls 96291->96315 96294 8f9cb3 22 API calls 96292->96294 96295 90fe0b 22 API calls 96293->96295 96301 935088 96293->96301 
96294->96296 96297 935058 96295->96297 96302 95d4dc CreateToolhelp32Snapshot Process32FirstW 96296->96302 96298 90fddb 22 API calls 96297->96298 96299 93507f 96298->96299 96300 8f9cb3 22 API calls 96299->96300 96300->96301 96314 90fb21 51 API calls 96301->96314 96316 95def7 96302->96316 96304 95d529 Process32NextW 96305 95d5db CloseHandle 96304->96305 96311 95d522 96304->96311 96305->96238 96306 8fa961 22 API calls 96306->96311 96307 8f9cb3 22 API calls 96307->96311 96311->96304 96311->96305 96311->96306 96311->96307 96322 8f525f 22 API calls 96311->96322 96323 8f6350 22 API calls 96311->96323 96324 90ce60 41 API calls 96311->96324 96312->96290 96313->96290 96314->96291 96315->96286 96320 95df02 96316->96320 96317 95df19 96326 9162fb 39 API calls _strftime 96317->96326 96320->96317 96321 95df1f 96320->96321 96325 9163b2 GetStringTypeW _strftime 96320->96325 96321->96311 96322->96311 96323->96311 96324->96311 96325->96320 96326->96321 96328 95dc06 96327->96328 96329 95dbdc GetFileAttributesW 96327->96329 96328->96243 96329->96328 96330 95dbe8 FindFirstFileW 96329->96330 96330->96328 96331 95dbf9 FindClose 96330->96331 96331->96328 96333 97b01d ___scrt_fastfail 96332->96333 96334 97b094 96333->96334 96335 97b058 96333->96335 96339 8fb567 39 API calls 96334->96339 96340 97b08b 96334->96340 96336 8fb567 39 API calls 96335->96336 96337 97b063 96336->96337 96337->96340 96343 8fb567 39 API calls 96337->96343 96338 97b0ed 96341 8f7510 53 API calls 96338->96341 96342 97b0a5 96339->96342 96340->96338 96344 8fb567 39 API calls 96340->96344 96345 97b10b 96341->96345 96346 8fb567 39 API calls 96342->96346 96347 97b078 96343->96347 96344->96338 96423 8f7620 96345->96423 96346->96340 96349 8fb567 39 API calls 96347->96349 96349->96340 96350 97b115 96351 97b11f 96350->96351 96352 97b1d8 96350->96352 96354 8f7510 53 API calls 96351->96354 96353 97b20a GetCurrentDirectoryW 96352->96353 96357 8f7510 53 API calls 96352->96357 96355 90fe0b 22 API calls 96353->96355 96356 97b130 
96354->96356 96358 97b22f GetCurrentDirectoryW 96355->96358 96359 8f7620 22 API calls 96356->96359 96360 97b1ef 96357->96360 96361 97b23c 96358->96361 96362 97b13a 96359->96362 96363 8f7620 22 API calls 96360->96363 96368 97b275 96361->96368 96430 8f9c6e 22 API calls 96361->96430 96364 8f7510 53 API calls 96362->96364 96369 97b1f9 _wcslen 96363->96369 96365 97b14b 96364->96365 96367 8f7620 22 API calls 96365->96367 96371 97b155 96367->96371 96374 97b287 96368->96374 96375 97b28b 96368->96375 96369->96353 96369->96368 96370 97b255 96431 8f9c6e 22 API calls 96370->96431 96373 8f7510 53 API calls 96371->96373 96377 97b166 96373->96377 96380 97b39a CreateProcessW 96374->96380 96381 97b2f8 96374->96381 96433 9607c0 10 API calls 96375->96433 96376 97b265 96432 8f9c6e 22 API calls 96376->96432 96383 8f7620 22 API calls 96377->96383 96379 97b294 96434 9606e6 10 API calls 96379->96434 96422 97b32f _wcslen 96380->96422 96436 9511c8 39 API calls 96381->96436 96386 97b170 96383->96386 96389 97b1a6 GetSystemDirectoryW 96386->96389 96394 8f7510 53 API calls 96386->96394 96387 97b2aa 96435 9605a7 8 API calls 96387->96435 96388 97b2fd 96392 97b323 96388->96392 96393 97b32a 96388->96393 96391 90fe0b 22 API calls 96389->96391 96396 97b1cb GetSystemDirectoryW 96391->96396 96437 951201 128 API calls 2 library calls 96392->96437 96438 9514ce 6 API calls 96393->96438 96398 97b187 96394->96398 96395 97b2d0 96395->96374 96396->96361 96401 8f7620 22 API calls 96398->96401 96400 97b328 96400->96422 96404 97b191 _wcslen 96401->96404 96402 97b3d6 GetLastError 96412 97b41a 96402->96412 96403 97b42f CloseHandle 96405 97b43f 96403->96405 96413 97b49a 96403->96413 96404->96361 96404->96389 96406 97b446 CloseHandle 96405->96406 96407 97b451 96405->96407 96406->96407 96409 97b463 96407->96409 96410 97b458 CloseHandle 96407->96410 96414 97b475 96409->96414 96415 97b46a CloseHandle 96409->96415 96410->96409 96411 97b4a6 96411->96412 96427 960175 96412->96427 96413->96411 96418 97b4d2 CloseHandle 
96413->96418 96439 9609d9 34 API calls 96414->96439 96415->96414 96418->96412 96420 97b486 96440 97b536 25 API calls 96420->96440 96422->96402 96422->96403 96424 8f762a _wcslen 96423->96424 96425 90fe0b 22 API calls 96424->96425 96426 8f763f 96425->96426 96426->96350 96441 96030f 96427->96441 96430->96370 96431->96376 96432->96368 96433->96379 96434->96387 96435->96395 96436->96388 96437->96400 96438->96422 96439->96420 96440->96413 96442 960321 CloseHandle 96441->96442 96443 960329 96441->96443 96442->96443 96444 960336 96443->96444 96445 96032e CloseHandle 96443->96445 96446 960343 96444->96446 96447 96033b CloseHandle 96444->96447 96445->96444 96448 960350 96446->96448 96449 960348 CloseHandle 96446->96449 96447->96446 96450 960355 CloseHandle 96448->96450 96451 96035d 96448->96451 96449->96448 96450->96451 96452 960362 CloseHandle 96451->96452 96453 96017d 96451->96453 96452->96453 96453->96202 96455 8faceb 23 API calls 96454->96455 96456 982af3 96455->96456 96457 982b1d 96456->96457 96458 982aff 96456->96458 96459 8f6b57 22 API calls 96457->96459 96460 8f7510 53 API calls 96458->96460 96461 982b1b 96459->96461 96462 982b0c 96460->96462 96461->96254 96462->96461 96464 8fa8c7 22 API calls __fread_nolock 96462->96464 96464->96461 96465 928402 96470 9281be 96465->96470 96468 92842a 96475 9281ef try_get_first_available_module 96470->96475 96472 9283ee 96489 9227ec 26 API calls __fread_nolock 96472->96489 96474 928343 96474->96468 96482 930984 96474->96482 96481 928338 96475->96481 96485 918e0b 40 API calls 2 library calls 96475->96485 96477 92838c 96477->96481 96486 918e0b 40 API calls 2 library calls 96477->96486 96479 9283ab 96479->96481 96487 918e0b 40 API calls 2 library calls 96479->96487 96481->96474 96488 91f2d9 20 API calls __dosmaperr 96481->96488 96490 930081 96482->96490 96484 93099f 96484->96468 96485->96477 96486->96479 96487->96481 96488->96472 96489->96474 96493 93008d ___scrt_is_nonwritable_in_current_image 96490->96493 96491 93009b 96548 91f2d9 20 
API calls __dosmaperr 96491->96548 96493->96491 96495 9300d4 96493->96495 96494 9300a0 96549 9227ec 26 API calls __fread_nolock 96494->96549 96501 93065b 96495->96501 96500 9300aa __fread_nolock 96500->96484 96551 93042f 96501->96551 96504 9306a6 96569 925221 96504->96569 96505 93068d 96583 91f2c6 20 API calls __dosmaperr 96505->96583 96508 9306ab 96509 9306b4 96508->96509 96510 9306cb 96508->96510 96585 91f2c6 20 API calls __dosmaperr 96509->96585 96582 93039a CreateFileW 96510->96582 96514 9306b9 96586 91f2d9 20 API calls __dosmaperr 96514->96586 96516 930781 GetFileType 96517 9307d3 96516->96517 96518 93078c GetLastError 96516->96518 96591 92516a 21 API calls 3 library calls 96517->96591 96589 91f2a3 20 API calls 2 library calls 96518->96589 96519 930756 GetLastError 96588 91f2a3 20 API calls 2 library calls 96519->96588 96520 930704 96520->96516 96520->96519 96587 93039a CreateFileW 96520->96587 96524 930692 96584 91f2d9 20 API calls __dosmaperr 96524->96584 96525 93079a CloseHandle 96525->96524 96528 9307c3 96525->96528 96527 930749 96527->96516 96527->96519 96590 91f2d9 20 API calls __dosmaperr 96528->96590 96529 9307f4 96531 930840 96529->96531 96592 9305ab 72 API calls 4 library calls 96529->96592 96536 93086d 96531->96536 96593 93014d 72 API calls 4 library calls 96531->96593 96532 9307c8 96532->96524 96535 930866 96535->96536 96537 93087e 96535->96537 96538 9286ae __wsopen_s 29 API calls 96536->96538 96539 9300f8 96537->96539 96540 9308fc CloseHandle 96537->96540 96538->96539 96550 930121 LeaveCriticalSection __wsopen_s 96539->96550 96594 93039a CreateFileW 96540->96594 96542 930927 96543 93095d 96542->96543 96544 930931 GetLastError 96542->96544 96543->96539 96595 91f2a3 20 API calls 2 library calls 96544->96595 96546 93093d 96596 925333 21 API calls 3 library calls 96546->96596 96548->96494 96549->96500 96550->96500 96552 930450 96551->96552 96558 93046a 96551->96558 96552->96558 96604 91f2d9 20 API calls __dosmaperr 96552->96604 96555 93045f 96605 
9227ec 26 API calls __fread_nolock 96555->96605 96557 9304a2 96559 9304d1 96557->96559 96606 91f2d9 20 API calls __dosmaperr 96557->96606 96597 9303bf 96558->96597 96566 930524 96559->96566 96608 91d70d 26 API calls 2 library calls 96559->96608 96562 93051f 96564 93059e 96562->96564 96562->96566 96563 9304c6 96607 9227ec 26 API calls __fread_nolock 96563->96607 96609 9227fc 11 API calls _abort 96564->96609 96566->96504 96566->96505 96568 9305aa 96570 92522d ___scrt_is_nonwritable_in_current_image 96569->96570 96612 922f5e EnterCriticalSection 96570->96612 96573 925259 96616 925000 21 API calls 3 library calls 96573->96616 96574 925234 96574->96573 96578 9252c7 EnterCriticalSection 96574->96578 96581 92527b 96574->96581 96575 9252a4 __fread_nolock 96575->96508 96577 92525e 96577->96581 96617 925147 EnterCriticalSection 96577->96617 96580 9252d4 LeaveCriticalSection 96578->96580 96578->96581 96580->96574 96613 92532a 96581->96613 96582->96520 96583->96524 96584->96539 96585->96514 96586->96524 96587->96527 96588->96524 96589->96525 96590->96532 96591->96529 96592->96531 96593->96535 96594->96542 96595->96546 96596->96543 96600 9303d7 96597->96600 96598 9303f2 96598->96557 96600->96598 96610 91f2d9 20 API calls __dosmaperr 96600->96610 96601 930416 96611 9227ec 26 API calls __fread_nolock 96601->96611 96603 930421 96603->96557 96604->96555 96605->96558 96606->96563 96607->96559 96608->96562 96609->96568 96610->96601 96611->96603 96612->96574 96618 922fa6 LeaveCriticalSection 96613->96618 96615 925331 96615->96575 96616->96577 96617->96581 96618->96615 96619 932402 96622 8f1410 96619->96622 96623 8f144f mciSendStringW 96622->96623 96624 9324b8 DestroyWindow 96622->96624 96625 8f146b 96623->96625 96626 8f16c6 96623->96626 96636 9324c4 96624->96636 96627 8f1479 96625->96627 96625->96636 96626->96625 96628 8f16d5 UnregisterHotKey 96626->96628 96655 8f182e 96627->96655 96628->96626 96630 9324e2 FindClose 96630->96636 96631 9324d8 96631->96636 96661 8f6246 CloseHandle 
96631->96661 96633 932509 96637 93252d 96633->96637 96638 93251c FreeLibrary 96633->96638 96635 8f148e 96635->96637 96645 8f149c 96635->96645 96636->96630 96636->96631 96636->96633 96639 932541 VirtualFree 96637->96639 96646 8f1509 96637->96646 96638->96633 96639->96637 96640 8f14f8 CoUninitialize 96640->96646 96641 932589 96648 932598 messages 96641->96648 96662 9632eb 6 API calls messages 96641->96662 96642 8f1514 96643 8f1524 96642->96643 96659 8f1944 VirtualFreeEx CloseHandle 96643->96659 96645->96640 96646->96641 96646->96642 96651 932627 96648->96651 96663 9564d4 22 API calls messages 96648->96663 96650 8f153a 96650->96648 96652 8f161f 96650->96652 96651->96651 96652->96651 96660 8f1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96652->96660 96654 8f16c1 96657 8f183b 96655->96657 96656 8f1480 96656->96633 96656->96635 96657->96656 96664 95702a 22 API calls 96657->96664 96659->96650 96660->96654 96661->96631 96662->96641 96663->96648 96664->96657 96665 8fdefc 96668 8f1d6f 96665->96668 96667 8fdf07 96669 8f1d8c 96668->96669 96677 8f1f6f 96669->96677 96671 8f1da6 96672 932759 96671->96672 96674 8f1e36 96671->96674 96675 8f1dc2 96671->96675 96681 96359c 82 API calls __wsopen_s 96672->96681 96674->96667 96675->96674 96680 8f289a 23 API calls 96675->96680 96678 8fec40 348 API calls 96677->96678 96679 8f1f98 96678->96679 96679->96671 96680->96674 96681->96674 96682 942a00 96692 8fd7b0 messages 96682->96692 96683 8fd9d5 96684 8fdb11 PeekMessageW 96684->96692 96685 8fd807 GetInputState 96685->96684 96685->96692 96686 941cbe TranslateAcceleratorW 96686->96692 96688 8fdb8f PeekMessageW 96688->96692 96689 8fda04 timeGetTime 96689->96692 96690 8fdb73 TranslateMessage DispatchMessageW 96690->96688 96691 8fdbaf Sleep 96691->96692 96692->96683 96692->96684 96692->96685 96692->96686 96692->96688 96692->96689 96692->96690 96692->96691 96693 942b74 Sleep 96692->96693 96695 942a51 96692->96695 96697 941dda timeGetTime 96692->96697 96710 8fec40 348 
API calls 96692->96710 96711 901310 348 API calls 96692->96711 96712 8fbf40 348 API calls 96692->96712 96714 8fdd50 96692->96714 96721 90edf6 96692->96721 96726 8fdfd0 348 API calls 3 library calls 96692->96726 96727 90e551 timeGetTime 96692->96727 96729 963a2a 23 API calls 96692->96729 96730 96359c 82 API calls __wsopen_s 96692->96730 96693->96695 96695->96683 96695->96692 96698 95d4dc 47 API calls 96695->96698 96700 942c0b GetExitCodeProcess 96695->96700 96701 9829bf GetForegroundWindow 96695->96701 96705 942ca9 Sleep 96695->96705 96731 975658 23 API calls 96695->96731 96732 95e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96695->96732 96733 90e551 timeGetTime 96695->96733 96728 90e300 23 API calls 96697->96728 96698->96695 96703 942c37 CloseHandle 96700->96703 96704 942c21 WaitForSingleObject 96700->96704 96701->96695 96703->96695 96704->96692 96704->96703 96705->96692 96710->96692 96711->96692 96712->96692 96715 8fdd6f 96714->96715 96716 8fdd83 96714->96716 96734 8fd260 96715->96734 96766 96359c 82 API calls __wsopen_s 96716->96766 96719 8fdd7a 96719->96692 96720 942f75 96720->96720 96723 90ee09 96721->96723 96725 90ee12 96721->96725 96722 90ee36 IsDialogMessageW 96722->96723 96722->96725 96723->96692 96724 94efaf GetClassLongW 96724->96722 96724->96725 96725->96722 96725->96723 96725->96724 96726->96692 96727->96692 96728->96692 96729->96692 96730->96692 96731->96695 96732->96695 96733->96695 96735 8fec40 348 API calls 96734->96735 96736 8fd29d 96735->96736 96737 8fd6d5 96736->96737 96738 8fd30b messages 96736->96738 96740 8fd3c3 96736->96740 96746 8fd4b8 96736->96746 96750 90fddb 22 API calls 96736->96750 96752 941bc4 96736->96752 96761 8fd429 __fread_nolock messages 96736->96761 96737->96738 96747 90fe0b 22 API calls 96737->96747 96738->96719 96740->96737 96742 8fd3ce 96740->96742 96741 8fd5ff 96744 941bb5 96741->96744 96745 8fd614 96741->96745 96743 90fddb 22 API calls 96742->96743 96755 8fd3d5 __fread_nolock 
96743->96755 96771 975705 23 API calls 96744->96771 96749 90fddb 22 API calls 96745->96749 96751 90fe0b 22 API calls 96746->96751 96747->96755 96759 8fd46a 96749->96759 96750->96736 96751->96761 96772 96359c 82 API calls __wsopen_s 96752->96772 96753 90fddb 22 API calls 96754 8fd3f6 96753->96754 96754->96761 96767 8fbec0 348 API calls 96754->96767 96755->96753 96755->96754 96757 941ba4 96770 96359c 82 API calls __wsopen_s 96757->96770 96759->96719 96760 8f1f6f 348 API calls 96760->96761 96761->96741 96761->96757 96761->96759 96761->96760 96762 941b7f 96761->96762 96764 941b5d 96761->96764 96769 96359c 82 API calls __wsopen_s 96762->96769 96768 96359c 82 API calls __wsopen_s 96764->96768 96766->96720 96767->96761 96768->96759 96769->96759 96770->96759 96771->96752 96772->96738 96773 8f105b 96778 8f344d 96773->96778 96775 8f106a 96809 9100a3 29 API calls __onexit 96775->96809 96777 8f1074 96779 8f345d __wsopen_s 96778->96779 96780 8fa961 22 API calls 96779->96780 96781 8f3513 96780->96781 96810 8f3a5a 96781->96810 96783 8f351c 96817 8f3357 96783->96817 96788 8f515f 22 API calls 96789 8f3544 96788->96789 96790 8fa961 22 API calls 96789->96790 96791 8f354d 96790->96791 96792 8fa6c3 22 API calls 96791->96792 96793 8f3556 RegOpenKeyExW 96792->96793 96794 933176 RegQueryValueExW 96793->96794 96800 8f3578 96793->96800 96795 933193 96794->96795 96796 93320c RegCloseKey 96794->96796 96798 90fe0b 22 API calls 96795->96798 96797 93321e _wcslen 96796->96797 96796->96800 96797->96800 96806 8f9cb3 22 API calls 96797->96806 96807 8f515f 22 API calls 96797->96807 96808 8f4c6d 22 API calls 96797->96808 96799 9331ac 96798->96799 96801 8f5722 22 API calls 96799->96801 96800->96775 96802 9331b7 RegQueryValueExW 96801->96802 96803 9331d4 96802->96803 96805 9331ee messages 96802->96805 96804 8f6b57 22 API calls 96803->96804 96804->96805 96805->96796 96806->96797 96807->96797 96808->96797 96809->96777 96811 931f50 __wsopen_s 96810->96811 96812 8f3a67 GetModuleFileNameW 96811->96812 96813 
8f9cb3 22 API calls 96812->96813 96814 8f3a8d 96813->96814 96815 8f3aa2 23 API calls 96814->96815 96816 8f3a97 96815->96816 96816->96783 96818 931f50 __wsopen_s 96817->96818 96819 8f3364 GetFullPathNameW 96818->96819 96820 8f3386 96819->96820 96821 8f6b57 22 API calls 96820->96821 96822 8f33a4 96821->96822 96823 8f33c6 96822->96823 96824 8f33dd 96823->96824 96825 9330bb 96823->96825 96832 8f33ee 96824->96832 96827 90fddb 22 API calls 96825->96827 96829 9330c5 _wcslen 96827->96829 96828 8f33e8 96828->96788 96830 90fe0b 22 API calls 96829->96830 96831 9330fe __fread_nolock 96830->96831 96833 8f33fe _wcslen 96832->96833 96834 93311d 96833->96834 96835 8f3411 96833->96835 96836 90fddb 22 API calls 96834->96836 96842 8fa587 96835->96842 96839 933127 96836->96839 96838 8f341e __fread_nolock 96838->96828 96840 90fe0b 22 API calls 96839->96840 96841 933157 __fread_nolock 96840->96841 96843 8fa59d 96842->96843 96846 8fa598 __fread_nolock 96842->96846 96844 93f80f 96843->96844 96845 90fe0b 22 API calls 96843->96845 96845->96846 96846->96838 96847 932ba5 96848 8f2b25 96847->96848 96849 932baf 96847->96849 96875 8f2b83 7 API calls 96848->96875 96851 8f3a5a 24 API calls 96849->96851 96853 932bb8 96851->96853 96855 8f9cb3 22 API calls 96853->96855 96856 932bc6 96855->96856 96858 932bf5 96856->96858 96859 932bce 96856->96859 96857 8f2b2f 96862 8f2b44 96857->96862 96879 8f3837 96857->96879 96863 8f33c6 22 API calls 96858->96863 96861 8f33c6 22 API calls 96859->96861 96864 932bd9 96861->96864 96867 8f2b5f 96862->96867 96889 8f30f2 96862->96889 96865 932bf1 GetForegroundWindow ShellExecuteW 96863->96865 96893 8f6350 22 API calls 96864->96893 96871 932c26 96865->96871 96873 8f2b66 SetCurrentDirectoryW 96867->96873 96869 932be7 96872 8f33c6 22 API calls 96869->96872 96871->96867 96872->96865 96874 8f2b7a 96873->96874 96894 8f2cd4 7 API calls 96875->96894 96877 8f2b2a 96878 8f2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 96877->96878 96878->96857 96880 8f3862 
___scrt_fastfail 96879->96880 96895 8f4212 96880->96895 96883 8f38e8 96885 933386 Shell_NotifyIconW 96883->96885 96886 8f3906 Shell_NotifyIconW 96883->96886 96899 8f3923 96886->96899 96888 8f391c 96888->96862 96890 8f3154 96889->96890 96891 8f3104 ___scrt_fastfail 96889->96891 96890->96867 96892 8f3123 Shell_NotifyIconW 96891->96892 96892->96890 96893->96869 96894->96877 96896 9335a4 96895->96896 96897 8f38b7 96895->96897 96896->96897 96898 9335ad DestroyIcon 96896->96898 96897->96883 96921 95c874 42 API calls _strftime 96897->96921 96898->96897 96900 8f393f 96899->96900 96918 8f3a13 96899->96918 96922 8f6270 96900->96922 96903 933393 LoadStringW 96906 9333ad 96903->96906 96904 8f395a 96905 8f6b57 22 API calls 96904->96905 96907 8f396f 96905->96907 96920 8f3994 ___scrt_fastfail 96906->96920 96928 8fa8c7 22 API calls __fread_nolock 96906->96928 96908 8f397c 96907->96908 96909 9333c9 96907->96909 96908->96906 96911 8f3986 96908->96911 96929 8f6350 22 API calls 96909->96929 96927 8f6350 22 API calls 96911->96927 96914 9333d7 96915 8f33c6 22 API calls 96914->96915 96914->96920 96917 9333f9 96915->96917 96916 8f39f9 Shell_NotifyIconW 96916->96918 96919 8f33c6 22 API calls 96917->96919 96918->96888 96919->96920 96920->96916 96921->96883 96923 90fe0b 22 API calls 96922->96923 96924 8f6295 96923->96924 96925 90fddb 22 API calls 96924->96925 96926 8f394d 96925->96926 96926->96903 96926->96904 96927->96920 96928->96920 96929->96914 96930 8f1098 96935 8f42de 96930->96935 96934 8f10a7 96936 8fa961 22 API calls 96935->96936 96937 8f42f5 GetVersionExW 96936->96937 96938 8f6b57 22 API calls 96937->96938 96939 8f4342 96938->96939 96940 8f93b2 22 API calls 96939->96940 96954 8f4378 96939->96954 96941 8f436c 96940->96941 96943 8f37a0 22 API calls 96941->96943 96942 8f441b GetCurrentProcess IsWow64Process 96944 8f4437 96942->96944 96943->96954 96945 8f444f LoadLibraryA 96944->96945 96946 933824 GetSystemInfo 96944->96946 96947 8f449c GetSystemInfo 96945->96947 96948 8f4460 
GetProcAddress 96945->96948 96950 8f4476 96947->96950 96948->96947 96949 8f4470 GetNativeSystemInfo 96948->96949 96949->96950 96952 8f447a FreeLibrary 96950->96952 96953 8f109d 96950->96953 96951 9337df 96952->96953 96955 9100a3 29 API calls __onexit 96953->96955 96954->96942 96954->96951 96955->96934 96956 8f2e37 96957 8fa961 22 API calls 96956->96957 96958 8f2e4d 96957->96958 97035 8f4ae3 96958->97035 96960 8f2e6b 96961 8f3a5a 24 API calls 96960->96961 96962 8f2e7f 96961->96962 96963 8f9cb3 22 API calls 96962->96963 96964 8f2e8c 96963->96964 96965 8f4ecb 94 API calls 96964->96965 96966 8f2ea5 96965->96966 96967 8f2ead 96966->96967 96968 932cb0 96966->96968 97049 8fa8c7 22 API calls __fread_nolock 96967->97049 96969 962cf9 80 API calls 96968->96969 96970 932cc3 96969->96970 96972 932ccf 96970->96972 96973 8f4f39 68 API calls 96970->96973 96976 8f4f39 68 API calls 96972->96976 96973->96972 96974 8f2ec3 97050 8f6f88 22 API calls 96974->97050 96978 932ce5 96976->96978 96977 8f2ecf 96979 8f9cb3 22 API calls 96977->96979 97067 8f3084 22 API calls 96978->97067 96980 8f2edc 96979->96980 97051 8fa81b 41 API calls 96980->97051 96983 8f2eec 96985 8f9cb3 22 API calls 96983->96985 96984 932d02 97068 8f3084 22 API calls 96984->97068 96986 8f2f12 96985->96986 97052 8fa81b 41 API calls 96986->97052 96989 932d1e 96990 8f3a5a 24 API calls 96989->96990 96991 932d44 96990->96991 97069 8f3084 22 API calls 96991->97069 96992 8f2f21 96995 8fa961 22 API calls 96992->96995 96994 932d50 97070 8fa8c7 22 API calls __fread_nolock 96994->97070 96997 8f2f3f 96995->96997 97053 8f3084 22 API calls 96997->97053 96998 932d5e 97071 8f3084 22 API calls 96998->97071 97001 8f2f4b 97054 914a28 40 API calls 3 library calls 97001->97054 97002 932d6d 97072 8fa8c7 22 API calls __fread_nolock 97002->97072 97004 8f2f59 97004->96978 97005 8f2f63 97004->97005 97055 914a28 40 API calls 3 library calls 97005->97055 97008 8f2f6e 97008->96984 97010 8f2f78 97008->97010 97009 932d83 97073 8f3084 22 API calls 
97009->97073 97056 914a28 40 API calls 3 library calls 97010->97056 97013 932d90 97014 8f2f83 97014->96989 97015 8f2f8d 97014->97015 97057 914a28 40 API calls 3 library calls 97015->97057 97017 8f2f98 97018 8f2fdc 97017->97018 97058 8f3084 22 API calls 97017->97058 97018->97002 97019 8f2fe8 97018->97019 97019->97013 97061 8f63eb 22 API calls 97019->97061 97022 8f2fbf 97059 8fa8c7 22 API calls __fread_nolock 97022->97059 97023 8f2ff8 97062 8f6a50 22 API calls 97023->97062 97026 8f2fcd 97060 8f3084 22 API calls 97026->97060 97028 8f3006 97063 8f70b0 23 API calls 97028->97063 97032 8f3021 97033 8f3065 97032->97033 97064 8f6f88 22 API calls 97032->97064 97065 8f70b0 23 API calls 97032->97065 97066 8f3084 22 API calls 97032->97066 97036 8f4af0 __wsopen_s 97035->97036 97037 8f6b57 22 API calls 97036->97037 97038 8f4b22 97036->97038 97037->97038 97048 8f4b58 97038->97048 97074 8f4c6d 97038->97074 97040 8f4c29 97041 8f9cb3 22 API calls 97040->97041 97044 8f4c5e 97040->97044 97043 8f4c52 97041->97043 97042 8f9cb3 22 API calls 97042->97048 97045 8f515f 22 API calls 97043->97045 97044->96960 97045->97044 97046 8f4c6d 22 API calls 97046->97048 97047 8f515f 22 API calls 97047->97048 97048->97040 97048->97042 97048->97046 97048->97047 97049->96974 97050->96977 97051->96983 97052->96992 97053->97001 97054->97004 97055->97008 97056->97014 97057->97017 97058->97022 97059->97026 97060->97018 97061->97023 97062->97028 97063->97032 97064->97032 97065->97032 97066->97032 97067->96984 97068->96989 97069->96994 97070->96998 97071->97002 97072->97009 97073->97013 97075 8faec9 22 API calls 97074->97075 97076 8f4c78 97075->97076 97076->97038 97077 8f3156 97080 8f3170 97077->97080 97081 8f3187 97080->97081 97082 8f318c 97081->97082 97083 8f31eb 97081->97083 97120 8f31e9 97081->97120 97086 8f3199 97082->97086 97087 8f3265 PostQuitMessage 97082->97087 97084 932dfb 97083->97084 97085 8f31f1 97083->97085 97135 8f18e2 10 API calls 97084->97135 97089 8f321d SetTimer RegisterWindowMessageW 
97085->97089 97090 8f31f8 97085->97090 97092 8f31a4 97086->97092 97093 932e7c 97086->97093 97110 8f316a 97087->97110 97088 8f31d0 DefWindowProcW 97088->97110 97097 8f3246 CreatePopupMenu 97089->97097 97089->97110 97094 8f3201 KillTimer 97090->97094 97095 932d9c 97090->97095 97098 8f31ae 97092->97098 97099 932e68 97092->97099 97138 95bf30 34 API calls ___scrt_fastfail 97093->97138 97101 8f30f2 Shell_NotifyIconW 97094->97101 97107 932da1 97095->97107 97108 932dd7 MoveWindow 97095->97108 97096 932e1c 97136 90e499 42 API calls 97096->97136 97097->97110 97104 8f31b9 97098->97104 97105 932e4d 97098->97105 97125 95c161 97099->97125 97109 8f3214 97101->97109 97111 8f31c4 97104->97111 97112 8f3253 97104->97112 97105->97088 97137 950ad7 22 API calls 97105->97137 97106 932e8e 97106->97088 97106->97110 97113 932da7 97107->97113 97114 932dc6 SetFocus 97107->97114 97108->97110 97132 8f3c50 DeleteObject DestroyWindow 97109->97132 97111->97088 97122 8f30f2 Shell_NotifyIconW 97111->97122 97133 8f326f 44 API calls ___scrt_fastfail 97112->97133 97113->97111 97115 932db0 97113->97115 97114->97110 97134 8f18e2 10 API calls 97115->97134 97120->97088 97121 8f3263 97121->97110 97123 932e41 97122->97123 97124 8f3837 49 API calls 97123->97124 97124->97120 97126 95c276 97125->97126 97127 95c179 ___scrt_fastfail 97125->97127 97126->97110 97128 8f3923 24 API calls 97127->97128 97130 95c1a0 97128->97130 97129 95c25f KillTimer SetTimer 97129->97126 97130->97129 97131 95c251 Shell_NotifyIconW 97130->97131 97131->97129 97132->97110 97133->97121 97134->97110 97135->97096 97136->97111 97137->97120 97138->97106 97139 8f1033 97144 8f4c91 97139->97144 97143 8f1042 97145 8fa961 22 API calls 97144->97145 97146 8f4cff 97145->97146 97152 8f3af0 97146->97152 97149 8f4d9c 97150 8f1038 97149->97150 97155 8f51f7 22 API calls __fread_nolock 97149->97155 97151 9100a3 29 API calls __onexit 97150->97151 97151->97143 97156 8f3b1c 97152->97156 97155->97149 97157 8f3b29 97156->97157 97158 8f3b0f 97156->97158 
97157->97158 97159 8f3b30 RegOpenKeyExW 97157->97159 97158->97149 97159->97158 97160 8f3b4a RegQueryValueExW 97159->97160 97161 8f3b6b 97160->97161 97162 8f3b80 RegCloseKey 97160->97162 97161->97162 97162->97158

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetVersionExW.KERNEL32(?), ref: 008F430D
                                                                                                                                                                                                            • Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,0098CB64,00000000,?,?), ref: 008F4422
                                                                                                                                                                                                          • IsWow64Process.KERNEL32(00000000,?,?), ref: 008F4429
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 008F4454
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 008F4466
                                                                                                                                                                                                          • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 008F4474
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?), ref: 008F447B
                                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?,?,?), ref: 008F44A0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                          • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                          • API String ID: 3290436268-3101561225

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008F50AA,?,?,00000000,00000000), ref: 008F42B2
                                                                                                                                                                                                          • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008F50AA,?,?,00000000,00000000), ref: 008F42C9
                                                                                                                                                                                                          • LoadResource.KERNEL32(?,00000000,?,?,008F50AA,?,?,00000000,00000000,?,?,?,?,?,?,008F4F20), ref: 009335BE
                                                                                                                                                                                                          • SizeofResource.KERNEL32(?,00000000,?,?,008F50AA,?,?,00000000,00000000,?,?,?,?,?,?,008F4F20), ref: 009335D3
                                                                                                                                                                                                          • LockResource.KERNEL32(008F50AA,?,?,008F50AA,?,?,00000000,00000000,?,?,?,?,?,?,008F4F20,?), ref: 009335E6
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                          • String ID: SCRIPT
                                                                                                                                                                                                          • API String ID: 3051347437-3967369404


                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 008F2B6B
                                                                                                                                                                                                            • Part of subcall function 008F3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,009C1418,?,008F2E7F,?,?,?,00000000), ref: 008F3A78
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                          • GetForegroundWindow.USER32(runas,?,?,?,?,?,009B2224), ref: 00932C10
                                                                                                                                                                                                          • ShellExecuteW.SHELL32(00000000,?,?,009B2224), ref: 00932C17
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                          • String ID: runas
                                                                                                                                                                                                          • API String ID: 448630720-4000483414
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 0095D501
                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 0095D50F
                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 0095D52F
                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000), ref: 0095D5DC
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 420147892-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,00935222), ref: 0095DBCE
                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 0095DBDD
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0095DBEE
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0095DBFA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2695905019-0
                                                                                                                                                                                                          • Opcode ID: de04db68c0a9f9201dba94363d8da1f20e796231f896a84b42e60fd913b46382
                                                                                                                                                                                                          • Instruction ID: 73e75c6d9892344930070429153e913245f8a19a77b87385702c6f57afa41075
                                                                                                                                                                                                          • Opcode Fuzzy Hash: de04db68c0a9f9201dba94363d8da1f20e796231f896a84b42e60fd913b46382
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75F0A07082991097C230AB79EC0D8AE37AC9E01336B104702F8B6C22E0EBB4995897E5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(009228E9,?,00914CBE,009228E9,009B88B8,0000000C,00914E15,009228E9,00000002,00000000,?,009228E9), ref: 00914D09
                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,00914CBE,009228E9,009B88B8,0000000C,00914E15,009228E9,00000002,00000000,?,009228E9), ref: 00914D10
                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00914D22
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                          • Opcode ID: a30f69370f1638c63536031437632a44f30db289d4ab44d96876b297a8ac9395
                                                                                                                                                                                                          • Instruction ID: 87136eff36fa92fefa070adf5566a8697485df7d478b576381badd1ebe636f8d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a30f69370f1638c63536031437632a44f30db289d4ab44d96876b297a8ac9395
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7E0B675114148ABCF11AF54ED0AA983B6DFB85B81B108014FC098A262CB35ED82EB90

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0097B198
                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0097B1B0
                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0097B1D4
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0097B200
                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0097B214
                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0097B236
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0097B332
                                                                                                                                                                                                            • Part of subcall function 009605A7: GetStdHandle.KERNEL32(000000F6), ref: 009605C6
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0097B34B
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0097B366
                                                                                                                                                                                                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0097B3B6
                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 0097B407
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0097B439
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0097B44A
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0097B45C
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0097B46E
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0097B4E3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2178637699-0
                                                                                                                                                                                                          • Opcode ID: 3056acc4c4c1f6dfdad4d9b1ce5e19950a8e6ec83b016053a517fa256d5542e1
                                                                                                                                                                                                          • Instruction ID: 62d502f200a8884078736aea87b7d2b1dc21ed0315ff71424041439132c62a07
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3056acc4c4c1f6dfdad4d9b1ce5e19950a8e6ec83b016053a517fa256d5542e1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45F18C326083049FD714EF24C891B6EBBE5BF85714F14895DF9998B2A2DB31EC44CB52
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetInputState.USER32 ref: 008FD807
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 008FDA07
                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008FDB28
                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 008FDB7B
                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 008FDB89
                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008FDB9F
                                                                                                                                                                                                          • Sleep.KERNELBASE(0000000A), ref: 008FDBB1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2189390790-0
                                                                                                                                                                                                          • Opcode ID: 615853b7718b3b5301b4c3c5e37eb64e9a29a94717b4163d785be20538ec73e6
                                                                                                                                                                                                          • Instruction ID: 69be9c2135972f977839e19ae03dccedb3b013a3fa76078269a41e9c5e798ce7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 615853b7718b3b5301b4c3c5e37eb64e9a29a94717b4163d785be20538ec73e6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D942DD3060834ADFD728CF24C884F7ABBE6FB86314F548559FA95C7291D770A884DB92

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 008F2D07
                                                                                                                                                                                                          • RegisterClassExW.USER32(00000030), ref: 008F2D31
                                                                                                                                                                                                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008F2D42
                                                                                                                                                                                                          • InitCommonControlsEx.COMCTL32(?), ref: 008F2D5F
                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008F2D6F
                                                                                                                                                                                                          • LoadIconW.USER32(000000A9), ref: 008F2D85
                                                                                                                                                                                                          • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008F2D94
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                          • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                          • API String ID: 2914291525-1005189915
                                                                                                                                                                                                          • Opcode ID: 1b3b47ea28feea83a465523878e832ac31f094f2700e7711c84166627aef4749
                                                                                                                                                                                                          • Instruction ID: 8115854b7f6e5070486fe8975763ed9c4c6446aa942f206e42803f37e76355bc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b3b47ea28feea83a465523878e832ac31f094f2700e7711c84166627aef4749
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B21E2B5D25308AFDB00DFA4E849A9DBBB4FB09704F00411AE511A62A0D7B14540AFA5

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0093039A: CreateFileW.KERNELBASE(00000000,00000000,?,00930704,?,?,00000000,?,00930704,00000000,0000000C), ref: 009303B7
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0093076F
                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00930776
                                                                                                                                                                                                          • GetFileType.KERNELBASE(00000000), ref: 00930782
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0093078C
                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00930795
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 009307B5
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 009308FF
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00930931
                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00930938
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                          • API String ID: 4237864984-2852464175
                                                                                                                                                                                                          • Opcode ID: ede6dcbb3732c0c1bb699c52777d03c6bbe5b6284f2e2b2f25f0f8db2cdd5fb2
                                                                                                                                                                                                          • Instruction ID: 0a3efce944fa26cdb0878d36593d157081f1256932be4714831edd6956d8c7b3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ede6dcbb3732c0c1bb699c52777d03c6bbe5b6284f2e2b2f25f0f8db2cdd5fb2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70A13632A141088FDF19EF68DC62BAE3BA5AB8A320F14015DF8259B391D7359C52DF91

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,009C1418,?,008F2E7F,?,?,?,00000000), ref: 008F3A78
                                                                                                                                                                                                            • Part of subcall function 008F3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 008F3379
                                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 008F356A
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0093318D
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 009331CE
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00933210
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00933277
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00933286
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                          • API String ID: 98802146-2727554177
                                                                                                                                                                                                          • Opcode ID: 34a16d24638f6bdfed32c32c03598677f85e554bbe5c32f5ec8ef5538bfaa7ad
                                                                                                                                                                                                          • Instruction ID: 89473e53928128729d170a20492161769f1716216fb8b2d589cfaf1e89d77a4a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34a16d24638f6bdfed32c32c03598677f85e554bbe5c32f5ec8ef5538bfaa7ad
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9571C3719183449EC314EF69DC81D6BBBE8FF84B40F40452EF545C72A0EB749A48DB62

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 008F2B8E
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 008F2B9D
                                                                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 008F2BB3
                                                                                                                                                                                                          • LoadIconW.USER32(000000A4), ref: 008F2BC5
                                                                                                                                                                                                          • LoadIconW.USER32(000000A2), ref: 008F2BD7
                                                                                                                                                                                                          • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 008F2BEF
                                                                                                                                                                                                          • RegisterClassExW.USER32(?), ref: 008F2C40
                                                                                                                                                                                                            • Part of subcall function 008F2CD4: GetSysColorBrush.USER32(0000000F), ref: 008F2D07
                                                                                                                                                                                                            • Part of subcall function 008F2CD4: RegisterClassExW.USER32(00000030), ref: 008F2D31
                                                                                                                                                                                                            • Part of subcall function 008F2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008F2D42
                                                                                                                                                                                                            • Part of subcall function 008F2CD4: InitCommonControlsEx.COMCTL32(?), ref: 008F2D5F
                                                                                                                                                                                                            • Part of subcall function 008F2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008F2D6F
                                                                                                                                                                                                            • Part of subcall function 008F2CD4: LoadIconW.USER32(000000A9), ref: 008F2D85
                                                                                                                                                                                                            • Part of subcall function 008F2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008F2D94
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                          • String ID: #$0$AutoIt v3
                                                                                                                                                                                                          • API String ID: 423443420-4155596026
                                                                                                                                                                                                          • Opcode ID: a7349c2526b31f368d1b1a23190627656c8200aef4b4e31d3d6d91e0f6af445d
                                                                                                                                                                                                          • Instruction ID: 23507defe891de5da560f001d9c83d3bf0cb3a553dc05e309a893dde30479d6b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7349c2526b31f368d1b1a23190627656c8200aef4b4e31d3d6d91e0f6af445d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B214CB0E28358ABDB109FA5EC45EA97FB4FB49B54F00001AF600A67A1D3B54550EF98

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,008F316A,?,?), ref: 008F31D8
                                                                                                                                                                                                          • KillTimer.USER32(?,00000001,?,?,?,?,?,008F316A,?,?), ref: 008F3204
                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008F3227
                                                                                                                                                                                                          • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,008F316A,?,?), ref: 008F3232
                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 008F3246
                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 008F3267
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                          • String ID: TaskbarCreated
                                                                                                                                                                                                          • API String ID: 129472671-2362178303
                                                                                                                                                                                                          • Opcode ID: 0f87d810a2f31a98de6454ded47a3f1f716ba057d6db46fbecfe983eaf3373be
                                                                                                                                                                                                          • Instruction ID: e05ad26839279616a0e4162a49cc676f79ae9871761b03ada57a140e3064c4c1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f87d810a2f31a98de6454ded47a3f1f716ba057d6db46fbecfe983eaf3373be
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E414C3166820CEBDF256B78DD0DF793659F746349F04012AFB06C62A2CB71DE80A766

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 008F1459
                                                                                                                                                                                                          • CoUninitialize.COMBASE ref: 008F14F8
                                                                                                                                                                                                          • UnregisterHotKey.USER32(?), ref: 008F16DD
                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 009324B9
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 0093251E
                                                                                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0093254B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                          • String ID: close all
                                                                                                                                                                                                          • API String ID: 469580280-3243417748
                                                                                                                                                                                                          • Opcode ID: c0ff9fe9f7b5e6afafd530d70925e7aff0154dc37fc7ad3c797194e416aabfab
                                                                                                                                                                                                          • Instruction ID: e645b26a62a86e6f687149e5e86800687f0ba3133d6ba567ea41a486b2439869
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0ff9fe9f7b5e6afafd530d70925e7aff0154dc37fc7ad3c797194e416aabfab
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44D17B31701216CFCB29EF25C899B29F7A4FF45704F2442ADE54AAB2A1DB31AD12CF51

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 008F1BF4
                                                                                                                                                                                                            • Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 008F1BFC
                                                                                                                                                                                                            • Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 008F1C07
                                                                                                                                                                                                            • Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 008F1C12
                                                                                                                                                                                                            • Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 008F1C1A
                                                                                                                                                                                                            • Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 008F1C22
                                                                                                                                                                                                            • Part of subcall function 008F1B4A: RegisterWindowMessageW.USER32(00000004,?,008F12C4), ref: 008F1BA2
                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 008F136A
                                                                                                                                                                                                          • OleInitialize.OLE32 ref: 008F1388
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000), ref: 009324AB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                          • String ID: 0H$88$`
                                                                                                                                                                                                          • API String ID: 1986988660-3782236742
                                                                                                                                                                                                          • Opcode ID: 46c43235fb2b89235d97d5cf6d404b8df5d88d8136b159f0c203daeae01a3da1
                                                                                                                                                                                                          • Instruction ID: 0e941a42e84ff516656b12df923c4b842a96715b8d3012fb27e5d3b79b08a23c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46c43235fb2b89235d97d5cf6d404b8df5d88d8136b159f0c203daeae01a3da1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F71BFB4D293848FC798EF79A955E653AE4FB8A350754412EE10AC7373EB308401AF5E

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          control_flow_graph 963 8f2c63-8f2cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 008F2C91
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 008F2CB2
                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,008F1CAD,?), ref: 008F2CC6
                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,008F1CAD,?), ref: 008F2CCF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$CreateShow
                                                                                                                                                                                                          • String ID: AutoIt v3$edit
                                                                                                                                                                                                          • API String ID: 1584632944-3779509399
                                                                                                                                                                                                          • Opcode ID: 3b603d2d7541e3f6f877c7772deb271e06fcae73db804b3e9d987bd1b2113771
                                                                                                                                                                                                          • Instruction ID: 2888c7a987475aaa342d8eebeb248bad87cd4c32993556635d2e5e14afbe3234
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b603d2d7541e3f6f877c7772deb271e06fcae73db804b3e9d987bd1b2113771
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BF0DAB59642D07BEB311717AC08E772EBDD7C7F54B01005BF900A36A1C6751850EAB8


                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 009333A2
                                                                                                                                                                                                            • Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A
                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,?), ref: 008F3A04
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                          • String ID: Line: $
                                                                                                                                                                                                          • API String ID: 2289894680-1764292345
                                                                                                                                                                                                          • Opcode ID: 531c40ac63acbb095ec7162534854ac5537735f0d028b7ab4d8a5c380c883064
                                                                                                                                                                                                          • Instruction ID: abb292e9aa67559ea58031ff2fd478484ce8697ca29d078de416c6291d8c999d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 531c40ac63acbb095ec7162534854ac5537735f0d028b7ab4d8a5c380c883064
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8331C171918348AAC325EB34DC45FEBB7D8FB41714F00452AF699C2192EB709A48CB87

                                                                                                                                                                                                          Control-flow Graph
                                                                                                                                                                                                          [Figure: control-flow graph, nodes 1036-1046 starting at 8f3b1c, passing through RegOpenKeyExW, RegQueryValueExW and RegCloseKey; legend: Executed / Not Executed]
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,008F3B0F,SwapMouseButtons,00000004,?), ref: 008F3B40
                                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,008F3B0F,SwapMouseButtons,00000004,?), ref: 008F3B61
                                                                                                                                                                                                          • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,008F3B0F,SwapMouseButtons,00000004,?), ref: 008F3B83
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                          • String ID: Control Panel\Mouse
                                                                                                                                                                                                          • API String ID: 3677997916-824357125
                                                                                                                                                                                                          • Opcode ID: f682ff1a4af9424852f21f96e5d9b0f0ef8ca7f563b740c36ec712b859bdc192
                                                                                                                                                                                                          • Instruction ID: ce95fa1fe269b3c96af8cd3f54cc8633affdc5bc9ec4c5b888456d1372a14d16
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f682ff1a4af9424852f21f96e5d9b0f0ef8ca7f563b740c36ec712b859bdc192
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81112AB552120CFFDB218FA5DC54ABEB7B8FF05794B10445AA905D7210D2319E40A760
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00910668
                                                                                                                                                                                                            • Part of subcall function 009132A4: RaiseException.KERNEL32(?,?,?,0091068A,?,009C1444,?,?,?,?,?,?,0091068A,008F1129,009B8738,008F1129), ref: 00913304
                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00910685
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                          • String ID: Unknown exception
                                                                                                                                                                                                          • API String ID: 3476068407-410509341
                                                                                                                                                                                                          • Opcode ID: 35985e9907f04d8aa6a850cf9fe5b254ef7d2f8495034b45f9a7260aba7226fa
                                                                                                                                                                                                          • Instruction ID: 39efff2eee9ab71e04c639aed60c9a3f816b4c2f700c198afc6c494c1b7c05cc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35985e9907f04d8aa6a850cf9fe5b254ef7d2f8495034b45f9a7260aba7226fa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1F0C234A0030DBBCB10B664D856EDE776D5EC0354B608571B924969D1EFB2DBE6C680
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 008F3A04
                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0095C259
                                                                                                                                                                                                          • KillTimer.USER32(?,00000001,?,?), ref: 0095C261
                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0095C270
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3500052701-0
                                                                                                                                                                                                          • Opcode ID: f92382fc10d811ab9aaa39c70299a99ac550bdd849f22a7f6a3bdae7a46774bb
                                                                                                                                                                                                          • Instruction ID: 1464ce241a0a2702ee2e157c2d3d15e27f1974a141766c3d9bfb26ef4828d839
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f92382fc10d811ab9aaa39c70299a99ac550bdd849f22a7f6a3bdae7a46774bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B3198B09043446FEB22DF758855BE7BBECAB06705F00049DD5EA97241C7746A88CB51
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000,00000000,?,?,009285CC,?,009B8CC8,0000000C), ref: 00928704
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,009285CC,?,009B8CC8,0000000C), ref: 0092870E
                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00928739
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2583163307-0
                                                                                                                                                                                                          • Opcode ID: af6a418b24b41b7ba31637af96288decd3fdf6e36572cd67027e696dfda756c5
                                                                                                                                                                                                          • Instruction ID: 883368b5037e027fbd22c0e45a6af2554a10bc15feadb7148216e5fe081fc055
                                                                                                                                                                                                          • Opcode Fuzzy Hash: af6a418b24b41b7ba31637af96288decd3fdf6e36572cd67027e696dfda756c5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E014932A1A63066D624A334B849B7F6B5D4BD2775F3A011DF8148B1DBDEB1CC819290
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 008FDB7B
                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 008FDB89
                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008FDB9F
                                                                                                                                                                                                          • Sleep.KERNELBASE(0000000A), ref: 008FDBB1
                                                                                                                                                                                                          • TranslateAcceleratorW.USER32(?,?,?), ref: 00941CC9
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3288985973-0
                                                                                                                                                                                                          • Opcode ID: d14274375be47f40c36bbc59963b1b40930dcf47fbeebc3a29ff99e201840788
                                                                                                                                                                                                          • Instruction ID: a18f3d89c5ab0bf08bf67a46ba773057e5d2678704d2342337fa2976f0ebccf7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d14274375be47f40c36bbc59963b1b40930dcf47fbeebc3a29ff99e201840788
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80F05E706183449BEB30CB708C89FAA73ADFB85351F104A18E74AC30D0DB30A4889B29
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 009017F6
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                          • String ID: CALL
                                                                                                                                                                                                          • API String ID: 1385522511-4196123274
                                                                                                                                                                                                          • Opcode ID: 6ff99f506260b44b2504dd97cc5bc59fe5a89814a956f20c3468a029d49b616d
                                                                                                                                                                                                          • Instruction ID: fa2cfe26053a9d579b8f9c64a116e8292ea1058def3b5d1a3d0f212363e09b97
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ff99f506260b44b2504dd97cc5bc59fe5a89814a956f20c3468a029d49b616d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D227AB06082419FC714DF24C890F2ABBF5BF86314F24896DF4968B3A1D776E945CB92
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetOpenFileNameW.COMDLG32(?), ref: 00932C8C
                                                                                                                                                                                                            • Part of subcall function 008F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F3A97,?,?,008F2E7F,?,?,?,00000000), ref: 008F3AC2
                                                                                                                                                                                                            • Part of subcall function 008F2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 008F2DC4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                          • String ID: X
                                                                                                                                                                                                          • API String ID: 779396738-3081909835
                                                                                                                                                                                                          • Opcode ID: 97b361e9072f16ec520b211da2cb0f625bb0671b62d14ed7f8a19dcbb903006c
                                                                                                                                                                                                          • Instruction ID: 5ee64e37872d24627eafc6b3c308b35ab51ddf09cb70cf87266ec5c21d77030d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97b361e9072f16ec520b211da2cb0f625bb0671b62d14ed7f8a19dcbb903006c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4218171A1029C9BCF11EFA8C845BEE7BF9EF49314F004059E505E7241DBB85A898F61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000000,?), ref: 008F3908
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: IconNotifyShell_
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1144537725-0
                                                                                                                                                                                                          • Opcode ID: b4236474ea9eb44a6e73a491dc2ecd1672f5010d661fc8f00eb4eb7b34f10475
                                                                                                                                                                                                          • Instruction ID: c302db0c08599e294ff51f191040ad6f4b0d3a1738d8005be524cf563af4e725
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4236474ea9eb44a6e73a491dc2ecd1672f5010d661fc8f00eb4eb7b34f10475
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C31C570A143049FD720DF34D884BA7BBE8FB49748F00092EFA99C3251D775AA44CB52
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 0090F661
                                                                                                                                                                                                            • Part of subcall function 008FD730: GetInputState.USER32 ref: 008FD807
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 0094F2DE
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InputSleepStateTimetime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4149333218-0
                                                                                                                                                                                                          • Opcode ID: a603b01492b37fcba1c158446c202b3f427beb2e952fe87dc7cfc841e953a7e8
                                                                                                                                                                                                          • Instruction ID: 8cb18393d0747551aec7a074a3edede04ac2cd73f607c5431a14d00e23ba2440
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a603b01492b37fcba1c158446c202b3f427beb2e952fe87dc7cfc841e953a7e8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48F0A0712442099FD310EF79D459F6AB7E9FF49761F000029E95AC77A0EB70B800CBA1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,008F4EDD,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E9C
                                                                                                                                                                                                            • Part of subcall function 008F4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008F4EAE
                                                                                                                                                                                                            • Part of subcall function 008F4E90: FreeLibrary.KERNEL32(00000000,?,?,008F4EDD,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4EC0
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4EFD
                                                                                                                                                                                                            • Part of subcall function 008F4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00933CDE,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E62
                                                                                                                                                                                                            • Part of subcall function 008F4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008F4E74
                                                                                                                                                                                                            • Part of subcall function 008F4E59: FreeLibrary.KERNEL32(00000000,?,?,00933CDE,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E87
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2632591731-0
                                                                                                                                                                                                          • Opcode ID: cdbc032153d1d45b1f3af49dc5a6ea3adfe2269936fe2d9329aa15d9a39daa8c
                                                                                                                                                                                                          • Instruction ID: ae3a276df273ed10554291d45d9f2133a77ac4c186c00ce8d8766f4b73f27b8b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cdbc032153d1d45b1f3af49dc5a6ea3adfe2269936fe2d9329aa15d9a39daa8c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C11E332610209ABCF14BB78DC02FBE77A5FF80710F20842EF646E61C1EE709A459B61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __wsopen_s
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3347428461-0
                                                                                                                                                                                                          • Opcode ID: 9803319eaa79499f3736ac5e3fee52ad8a6c25391c4cac0950ab3f18406f9f4d
                                                                                                                                                                                                          • Instruction ID: 85c116b24073b3acca9cb8e92c80ed99cd991fd3cfb2867ade53a5ec7d1db973
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9803319eaa79499f3736ac5e3fee52ad8a6c25391c4cac0950ab3f18406f9f4d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B711187590410AAFCF05DF58E941A9B7BF9EF48314F144059F808AB312DA31DE21CBA5
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                          • Instruction ID: 3b8a1cf77a0317afb318eb61ce982bac680f168c3b99ed2232d6dbfc116b4385
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7F02832712A2CAAC7313B69AC05BDB339C9FD23B0F500B15FC21931D2CB74E88186A5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6,?,008F1129), ref: 00923852
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                          • Opcode ID: e9f03a158b8ffda858a3b09a915aade4a38178aea084b30c10674d7d694c1fff
                                                                                                                                                                                                          • Instruction ID: 93341101f1a4f325c3419d033aac5f15792797387c58206ac2791f5235094323
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9f03a158b8ffda858a3b09a915aade4a38178aea084b30c10674d7d694c1fff
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5E02B3220423857D7312677BC04FDB376DAF82BB0F168020BD159E999CB2DDD0182E0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4F6D
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3664257935-0
                                                                                                                                                                                                          • Opcode ID: e02f5210238f4cf622fae4d2065aa0b0b92bc1058ba98369093de980c69f159c
                                                                                                                                                                                                          • Instruction ID: dea5518c0c6eae81977da8aab9bc0cc4fc66a0f7705c0683f0f7a2cab57a68a4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e02f5210238f4cf622fae4d2065aa0b0b92bc1058ba98369093de980c69f159c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78F0157150975ACFDB349F74D494823BBE4FF14329320996EE2EE82621CB319888DB10
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • IsWindow.USER32(00000000), ref: 00982A66
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2353593579-0
                                                                                                                                                                                                          • Opcode ID: 763906dbbb178cd955c3459191d4ac75aead3620e2fdac5fc8dbd18de5932107
                                                                                                                                                                                                          • Instruction ID: 92ef4ba2922272febbe93c6f460d4d8b87367fe970abf2da2ef46d0e7635a329
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 763906dbbb178cd955c3459191d4ac75aead3620e2fdac5fc8dbd18de5932107
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32E04F76354216AAC758FB31DC809FA735CEF903957104536AC26C2240EB34999597A0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000002,?), ref: 008F314E
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: IconNotifyShell_
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1144537725-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 008F2DC4
                                                                                                                                                                                                            • Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LongNamePath_wcslen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 541455249-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 008F3908
                                                                                                                                                                                                            • Part of subcall function 008FD730: GetInputState.USER32 ref: 008FD807
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 008F2B6B
                                                                                                                                                                                                            • Part of subcall function 008F30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 008F314E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3667716007-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileW.KERNELBASE(00000000,00000000,?,00930704,?,?,00000000,?,00930704,00000000,0000000C), ref: 009303B7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 008F1CBC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InfoParametersSystem
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3098949447-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2
                                                                                                                                                                                                          • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0098961A
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0098965B
                                                                                                                                                                                                          • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0098969F
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009896C9
                                                                                                                                                                                                          • SendMessageW.USER32 ref: 009896F2
                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 0098978B
                                                                                                                                                                                                          • GetKeyState.USER32(00000009), ref: 00989798
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 009897AE
                                                                                                                                                                                                          • GetKeyState.USER32(00000010), ref: 009897B8
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009897E9
                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00989810
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001030,?,00987E95), ref: 00989918
                                                                                                                                                                                                          • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0098992E
                                                                                                                                                                                                          • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00989941
                                                                                                                                                                                                          • SetCapture.USER32(?), ref: 0098994A
                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 009899AF
                                                                                                                                                                                                          • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 009899BC
                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009899D6
                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 009899E1
                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00989A19
                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00989A26
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00989A80
                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00989AAE
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00989AEB
                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00989B1A
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00989B3B
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00989B4A
                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00989B68
                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00989B75
                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00989B93
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00989BFA
                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00989C2B
                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00989C84
                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00989CB4
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00989CDE
                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00989D01
                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00989D4E
                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00989D82
                                                                                                                                                                                                            • Part of subcall function 00909944: GetWindowLongW.USER32(?,000000EB), ref: 00909952
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00989E05
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                          • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                          • API String ID: 3429851547-4164748364
                                                                                                                                                                                                          • Opcode ID: a1744b186ac05d06748f9c2f14245675f19150baf77bbd24fc705d9906866ac7
                                                                                                                                                                                                          • Instruction ID: 016ce45c63d3c17d06ce127ba9b6c6586aa9374f1e4906d87cfb444a5a135fdb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1744b186ac05d06748f9c2f14245675f19150baf77bbd24fc705d9906866ac7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26427C74618201AFDB24EF28CC44EBABBE9FF49314F180A19F699873A1E731D854DB51
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 009848F3
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00984908
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00984927
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0098494B
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0098495C
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0098497B
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 009849AE
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 009849D4
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00984A0F
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00984A56
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00984A7E
                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00984A97
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00984AF2
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00984B20
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00984B94
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00984BE3
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00984C82
                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00984CAE
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00984CC9
                                                                                                                                                                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 00984CF1
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00984D13
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00984D33
                                                                                                                                                                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 00984D5A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                          • String ID: %d/%02d/%02d
                                                                                                                                                                                                          • API String ID: 4054740463-328681919
                                                                                                                                                                                                          • Opcode ID: 4803bdc2dcb01c98ce514bd534c453bfdc383a8d52930a502af050d460952b7d
                                                                                                                                                                                                          • Instruction ID: 0ffed640282ca357104208e9a49dcc93e295520811f8b1d369e31acb3d84bcf8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4803bdc2dcb01c98ce514bd534c453bfdc383a8d52930a502af050d460952b7d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72120271600256ABEB25AF28CC49FAE7BF8EF85710F104529F516DB3E1DB789940CB50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0090F998
                                                                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0094F474
                                                                                                                                                                                                          • IsIconic.USER32(00000000), ref: 0094F47D
                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000009), ref: 0094F48A
                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0094F494
                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0094F4AA
                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0094F4B1
                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0094F4BD
                                                                                                                                                                                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 0094F4CE
                                                                                                                                                                                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 0094F4D6
                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0094F4DE
                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0094F4E1
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0094F4F6
                                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0094F501
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0094F50B
                                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0094F510
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0094F519
                                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0094F51E
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0094F528
                                                                                                                                                                                                          • keybd_event.USER32(00000012,00000000), ref: 0094F52D
                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0094F530
                                                                                                                                                                                                          • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0094F557
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                                                                          • API String ID: 4125248594-2988720461
                                                                                                                                                                                                          • Opcode ID: 53329f9b14ca831378ffe5681704141f9f503ead07a7f32ab6a1c610a4f25720
                                                                                                                                                                                                          • Instruction ID: 87f8e1bf583a349c1e829d8d45a97b2e4789ac21d56c3dc05f6fbda662786270
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53329f9b14ca831378ffe5681704141f9f503ead07a7f32ab6a1c610a4f25720
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 723174B1A54219BFEB206BB59C4AFBF7E6CEB44B50F100425F601E62D1D6B09D00BB70
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 009516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0095170D
                                                                                                                                                                                                            • Part of subcall function 009516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0095173A
                                                                                                                                                                                                            • Part of subcall function 009516C3: GetLastError.KERNEL32 ref: 0095174A
                                                                                                                                                                                                          • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00951286
                                                                                                                                                                                                          • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 009512A8
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 009512B9
                                                                                                                                                                                                          • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 009512D1
                                                                                                                                                                                                          • GetProcessWindowStation.USER32 ref: 009512EA
                                                                                                                                                                                                          • SetProcessWindowStation.USER32(00000000), ref: 009512F4
                                                                                                                                                                                                          • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00951310
                                                                                                                                                                                                            • Part of subcall function 009510BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009511FC), ref: 009510D4
                                                                                                                                                                                                            • Part of subcall function 009510BF: CloseHandle.KERNEL32(?,?,009511FC), ref: 009510E9
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                          • String ID: $default$winsta0
                                                                                                                                                                                                          • API String ID: 22674027-1027155976
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 009510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00951114
                                                                                                                                                                                                            • Part of subcall function 009510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951120
                                                                                                                                                                                                            • Part of subcall function 009510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 0095112F
                                                                                                                                                                                                            • Part of subcall function 009510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951136
                                                                                                                                                                                                            • Part of subcall function 009510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0095114D
                                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00950BCC
                                                                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00950C00
                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00950C17
                                                                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00950C51
                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00950C6D
                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00950C84
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00950C8C
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00950C93
                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00950CB4
                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000), ref: 00950CBB
                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00950CEA
                                                                                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00950D0C
                                                                                                                                                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00950D1E
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950D45
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00950D4C
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950D55
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00950D5C
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950D65
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00950D6C
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00950D78
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00950D7F
                                                                                                                                                                                                            • Part of subcall function 00951193: GetProcessHeap.KERNEL32(00000008,00950BB1,?,00000000,?,00950BB1,?), ref: 009511A1
                                                                                                                                                                                                            • Part of subcall function 00951193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00950BB1,?), ref: 009511A8
                                                                                                                                                                                                            • Part of subcall function 00951193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00950BB1,?), ref: 009511B7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4175595110-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OpenClipboard.USER32(0098CC08), ref: 0096EB29
                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000D), ref: 0096EB37
                                                                                                                                                                                                          • GetClipboardData.USER32(0000000D), ref: 0096EB43
                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0096EB4F
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0096EB87
                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0096EB91
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0096EBBC
                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(00000001), ref: 0096EBC9
                                                                                                                                                                                                          • GetClipboardData.USER32(00000001), ref: 0096EBD1
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0096EBE2
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0096EC22
                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000F), ref: 0096EC38
                                                                                                                                                                                                          • GetClipboardData.USER32(0000000F), ref: 0096EC44
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0096EC55
                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0096EC77
                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0096EC94
                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0096ECD2
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0096ECF3
                                                                                                                                                                                                          • CountClipboardFormats.USER32 ref: 0096ED14
                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0096ED59
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 420908878-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 009669BE
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00966A12
                                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00966A4E
                                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00966A75
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00966AB2
                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00966ADF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                          • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                          • API String ID: 3830820486-3289030164
                                                                                                                                                                                                          • Opcode ID: 5bb568ad46c2b61576e537a04926c3a137eeacb346a1cbd007266dfe8b0c28bd
                                                                                                                                                                                                          • Instruction ID: 8f3c9ac8e71fb08006331a41b2a89e899175e2c895aec8cef6a3278fd6313cd0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5bb568ad46c2b61576e537a04926c3a137eeacb346a1cbd007266dfe8b0c28bd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16D13D72508304AEC710EBA8C991EBBB7ECFF88704F44491DF689C6191EB74DA44CB62
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00969663
                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 009696A1
                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,?), ref: 009696BB
                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 009696D3
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 009696DE
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 009696FA
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 0096974A
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(009B6B7C), ref: 00969768
                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00969772
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0096977F
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0096978F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                          • API String ID: 1409584000-438819550
                                                                                                                                                                                                          • Opcode ID: 0f35d37c535266ff275b63fae8de6a9d5bd262225d7180675e241369a0db2d8c
                                                                                                                                                                                                          • Instruction ID: 158c216a3502d13b6c49b90235aef254a0f6288d79be6ae43e95c6efb5d3b344
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f35d37c535266ff275b63fae8de6a9d5bd262225d7180675e241369a0db2d8c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F531F572614219AEDF14EFB4ED08AEE77BCAF89320F104566F815E2290DB34DD84CB20
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 009697BE
                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00969819
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00969824
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 00969840
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00969890
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(009B6B7C), ref: 009698AE
                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 009698B8
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 009698C5
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 009698D5
                                                                                                                                                                                                            • Part of subcall function 0095DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0095DB00
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                          • API String ID: 2640511053-438819550
                                                                                                                                                                                                          • Opcode ID: 024b9696c33acf4dd2886b6d167bdd392202aed4952b78e3517b9566cdf0e776
                                                                                                                                                                                                          • Instruction ID: dc707ba642dd7b152ee4ab69a32552545b36ec8fa75ebad3396739d0dd975679
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 024b9696c33acf4dd2886b6d167bdd392202aed4952b78e3517b9566cdf0e776
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A531D272604219AEDB10EFB4EC48ADE77BC9F8A324F104556E814E32D0DB34DE85DB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0097C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0097B6AE,?,?), ref: 0097C9B5
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097C9F1
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA68
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA9E
                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0097BF3E
                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0097BFA9
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0097BFCD
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0097C02C
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0097C0E7
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0097C154
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0097C1E9
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0097C23A
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0097C2E3
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0097C382
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0097C38F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3102970594-0
                                                                                                                                                                                                          • Opcode ID: e1e55cdc212b1bd628a8255254fd9f6f4ef9b571a20b14acbae4b410e727e8e8
                                                                                                                                                                                                          • Instruction ID: e6dc6e358f82dc00a735cd43fa3ca54a90f34b426a42b1bc1bd6596ca6c60edf
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1e55cdc212b1bd628a8255254fd9f6f4ef9b571a20b14acbae4b410e727e8e8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C020CB1604200AFD714DF28C895E2ABBE5EF89318F58C49DF849DB2A2D731ED45CB52
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 00968257
                                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00968267
                                                                                                                                                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00968273
                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00968310
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00968324
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00968356
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0096838C
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00968395
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                          • API String ID: 1464919966-438819550
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F3A97,?,?,008F2E7F,?,?,?,00000000), ref: 008F3AC2
                                                                                                                                                                                                            • Part of subcall function 0095E199: GetFileAttributesW.KERNEL32(?,0095CF95), ref: 0095E19A
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0095D122
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0095D1DD
                                                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 0095D1F0
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0095D20D
                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0095D237
                                                                                                                                                                                                            • Part of subcall function 0095D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0095D21C,?,?), ref: 0095D2B2
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,?,?), ref: 0095D253
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0095D264
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                          • API String ID: 1946585618-1173974218
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1737998785-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 009516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0095170D
                                                                                                                                                                                                            • Part of subcall function 009516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0095173A
                                                                                                                                                                                                            • Part of subcall function 009516C3: GetLastError.KERNEL32 ref: 0095174A
                                                                                                                                                                                                          • ExitWindowsEx.USER32(?,00000000), ref: 0095E932
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                          • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                          • API String ID: 2234035333-3163812486
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00971276
                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00971283
                                                                                                                                                                                                          • bind.WSOCK32(00000000,?,00000010), ref: 009712BA
                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 009712C5
                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 009712F4
                                                                                                                                                                                                          • listen.WSOCK32(00000000,00000005), ref: 00971303
                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 0097130D
                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 0097133C
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 540024437-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092B9D4
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092B9F8
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092BB7F
                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00993700), ref: 0092BB91
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,009C121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0092BC09
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,009C1270,000000FF,?,0000003F,00000000,?), ref: 0092BC36
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092BD4B
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 314583886-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F3A97,?,?,008F2E7F,?,?,?,00000000), ref: 008F3AC2
                                                                                                                                                                                                            • Part of subcall function 0095E199: GetFileAttributesW.KERNEL32(?,0095CF95), ref: 0095E19A
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0095D420
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0095D470
                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0095D481
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0095D498
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0095D4A1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                          • API String ID: 2649000838-1173974218
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __floor_pentium4
                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                          • API String ID: 4168288129-2761157908
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009664DC
                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00966639
                                                                                                                                                                                                          • CoCreateInstance.OLE32(0098FCF8,00000000,00000001,0098FB68,?), ref: 00966650
                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 009668D4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                          • String ID: .lnk
                                                                                                                                                                                                          • API String ID: 886957087-24824748
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetForegroundWindow.USER32(?,?,00000000), ref: 009722E8
                                                                                                                                                                                                            • Part of subcall function 0096E4EC: GetWindowRect.USER32(?,?), ref: 0096E504
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00972312
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00972319
                                                                                                                                                                                                          • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00972355
                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00972381
                                                                                                                                                                                                          • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 009723DF
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2387181109-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00969B78
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00969C8B
                                                                                                                                                                                                            • Part of subcall function 00963874: GetInputState.USER32 ref: 009638CB
                                                                                                                                                                                                            • Part of subcall function 00963874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00963966
                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00969BA8
                                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00969C75
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                          • API String ID: 1972594611-438819550
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2
                                                                                                                                                                                                          • DefDlgProcW.USER32(?,?,?,?,?), ref: 00909A4E
                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00909B23
                                                                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 00909B36
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Color$LongProcWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3131106179-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0097304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0097307A
                                                                                                                                                                                                            • Part of subcall function 0097304E: _wcslen.LIBCMT ref: 0097309B
                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0097185D
                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00971884
                                                                                                                                                                                                          • bind.WSOCK32(00000000,?,00000010), ref: 009718DB
                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 009718E6
                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 00971915
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1601658205-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 292994002-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                          • API String ID: 0-1546025612
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0095AAAC
                                                                                                                                                                                                          • SetKeyboardState.USER32(00000080), ref: 0095AAC8
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0095AB36
                                                                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0095AB88
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 432972143-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,00000400,?), ref: 0096CE89
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 0096CEEA
                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000000), ref: 0096CEFE
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 234945975-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,?,00000000), ref: 009582AA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                                          • String ID: ($|
                                                                                                                                                                                                          • API String ID: 1659193697-1631851259
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00965CC1
                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00965D17
                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 00965D5F
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3541575487-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 0092271A
                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00922724
                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00922731
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 009651DA
                                                                                                                                                                                                          • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00965238
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000), ref: 009652A1
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1682464887-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0090FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00910668
                                                                                                                                                                                                            • Part of subcall function 0090FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00910685
                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0095170D
                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0095173A
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0095174A
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 577356006-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0095D608
                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0095D645
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0095D650
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 33631002-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0095168C
                                                                                                                                                                                                          • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 009516A1
                                                                                                                                                                                                          • FreeSid.ADVAPI32(?), ref: 009516B1
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3429775523-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: /
                                                                                                                                                                                                          • API String ID: 0-2043925204
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetUserNameW.ADVAPI32(?,?), ref: 0094D28C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NameUser
                                                                                                                                                                                                          • String ID: X64
                                                                                                                                                                                                          • API String ID: 2645101109-893830106
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00966918
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00966961
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                          • Opcode ID: 37ff40f5599b694761061611811cc2a2b57ebd489d82289a9c623d2ab82e7a66
                                                                                                                                                                                                          • Instruction ID: 2f11ee7732d5ac1d529a973d8ce0d99334af9798b6e76aa9392adfef035562ef
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37ff40f5599b694761061611811cc2a2b57ebd489d82289a9c623d2ab82e7a66
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8611D0716042059FD710CF29C484A26BBE4FF88328F04C699E8698F3A2CB30EC05CB91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00974891,?,?,00000035,?), ref: 009637E4
                                                                                                                                                                                                          • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00974891,?,?,00000035,?), ref: 009637F4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3479602957-0
                                                                                                                                                                                                          • Opcode ID: ce0703560f01e1ff6bd595fb5c4936fdff5528f3a987fc53005f5c03ae6e97c2
                                                                                                                                                                                                          • Instruction ID: 0124879bfad4f7c83cdc8b985e1f5f8f1c7d63dd824e57732d2ac8f1e8880801
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce0703560f01e1ff6bd595fb5c4936fdff5528f3a987fc53005f5c03ae6e97c2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2F0E5B06042292AE72017769C4DFEB3AAEEFC4761F000165F509E2291DA709904C7B0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0095B25D
                                                                                                                                                                                                          • keybd_event.USER32(?,7694C0D0,?,00000000), ref: 0095B270
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InputSendkeybd_event
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3536248340-0
                                                                                                                                                                                                          • Opcode ID: d94bc5db8fd874173c69f9a45cb49f265b5d6169b7eb79119b2ca68cadc4f53d
                                                                                                                                                                                                          • Instruction ID: 5042e92ca8813b6e3f46f0c752f5c74a3a59ac08fa743b862107d1d0f34bd75e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d94bc5db8fd874173c69f9a45cb49f265b5d6169b7eb79119b2ca68cadc4f53d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4BF01D7181424DABDF05DFA1D805BAE7BB4FF04305F008409F965A5291C77996159FA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009511FC), ref: 009510D4
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,009511FC), ref: 009510E9
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 81990902-0
                                                                                                                                                                                                          • Opcode ID: a2a9549faaa2cacad752da22c38b4ee734c281dfed8ea1d259951a2967dcbf12
                                                                                                                                                                                                          • Instruction ID: c2317a1fe5ce38326530ffccfe762d644f34c36292e0bbf385811423937ee2b8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2a9549faaa2cacad752da22c38b4ee734c281dfed8ea1d259951a2967dcbf12
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50E0BF72018611AEE7256B61FC05F7777ADEB04311F24892EF5A5805F1DB72AC90EB60
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • Variable is not of type 'Object'., xrefs: 00940C40
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                          • API String ID: 0-1840281001
                                                                                                                                                                                                          • Opcode ID: c98bcb922c7ec9e1cfd6125ef8a9785266ab7b7c0b34c4dc6fd5fe8ccca0b619
                                                                                                                                                                                                          • Instruction ID: b96f0e5358050f655582086092d92ebbf55e86ae82664803d6a1289133900ad7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c98bcb922c7ec9e1cfd6125ef8a9785266ab7b7c0b34c4dc6fd5fe8ccca0b619
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A326A7090021DDBCF14DFA4CA85AFDB7B9FF44308F144059EA06AB292DB75AE45CB61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00926766,?,?,00000008,?,?,0092FEFE,00000000), ref: 00926998
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                          • Opcode ID: dc82c654b443c68821c72469299be52b0e1b8caa43798e1c3eb4aa5ef93e7d8c
                                                                                                                                                                                                          • Instruction ID: 0b175aa6505b181df4175977cb56a60c48693e69716aba49b6264b3c883e9e62
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc82c654b443c68821c72469299be52b0e1b8caa43798e1c3eb4aa5ef93e7d8c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52B17A35610618CFD719CF28D48AB647BE0FF45364F298698E8DACF6A6C735E981CB40
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BlockInput.USER32(00000001), ref: 0096EABD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: BlockInput
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3456056419-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,009103EE), ref: 009109DA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7de8b34391f872da34d2104b51e5eade54e40ebb5170d18080e44eb6d6517dc2
                                                                                                                                                                                                          • Instruction ID: 62f0ac0ad56eb614ffef409c688feda90edb4224b8d63de66dd433da4f308fff
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7de8b34391f872da34d2104b51e5eade54e40ebb5170d18080e44eb6d6517dc2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B02A2B1A0020AEBDB14DF64D881BAEB7B5FF44300F118169E956DB2D1EB31AE51CF91
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fe87959655556f31d3102427c59608cc97bf9a5bc7a95d4da5b6af716034489f
                                                                                                                                                                                                          • Instruction ID: 889353caef9a45fdf7f9bf0370fe0f6bf59cb46a5c24348559c8f95d128404c9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe87959655556f31d3102427c59608cc97bf9a5bc7a95d4da5b6af716034489f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61B11221D7AF514DD3239A398832336B65CAFBB6D5F91D31BFC2674D22EB2286835140
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 74378dfb70bf8ef55bd4198ae63e0a6f46f3330c2714442ccb8bbaea09d7c331
                                                                                                                                                                                                          • Instruction ID: de48c66e439c4170500785f6eaaf54fc392a83a4b5660400e7ad673fa4ec071b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74378dfb70bf8ef55bd4198ae63e0a6f46f3330c2714442ccb8bbaea09d7c331
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2261346178C70F56DA349AE88995BFFE3BCDF81700F24091AE883DB281DB159EC28355
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4d39fe64e695102433f802d8a214c411bf84b6520ae98d2a5a730315703e6887
                                                                                                                                                                                                          • Instruction ID: 13a9e5b25b3afdbd80419ce0d47deff7f20e53b705ac32ecc186d57ee05b04c2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d39fe64e695102433f802d8a214c411bf84b6520ae98d2a5a730315703e6887
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E461566970C60F66DA384AE86855BFFE3FC9F82704F100D59E843CB2D1DA16ADC2D255
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f02df4d4e4893946398ac2e17f6089b56f880093767a94cfd7453881d209b828
                                                                                                                                                                                                          • Instruction ID: ed2ff82570823406f1c30a211f2fa58795b41a7f896338e50fc6cc123bceb7a8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f02df4d4e4893946398ac2e17f6089b56f880093767a94cfd7453881d209b828
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8321EC327206158BD728CF79C92367E73E9A794310F25862EE4A7C37D0DE39A904DB90
APIs
• DeleteObject.GDI32(00000000), ref: 00972B30
• DeleteObject.GDI32(00000000), ref: 00972B43
• DestroyWindow.USER32 ref: 00972B52
• GetDesktopWindow.USER32 ref: 00972B6D
• GetWindowRect.USER32(00000000), ref: 00972B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00972CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00972CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972CF8
• GetClientRect.USER32(00000000,?), ref: 00972D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00972D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972D80
• GlobalLock.KERNEL32(00000000), ref: 00972D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972D98
• GlobalUnlock.KERNEL32(00000000), ref: 00972DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972DA8
• GlobalFree.KERNEL32(00000000), ref: 00972DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0098FC38,00000000), ref: 00972DDB
• GlobalFree.KERNEL32(00000000), ref: 00972DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00972E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00972E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0097303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8f0000_file.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 0098712F
                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 00987160
                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 0098716C
                                                                                                                                                                                                          • SetBkColor.GDI32(?,000000FF), ref: 00987186
                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00987195
                                                                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 009871C0
                                                                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 009871C8
                                                                                                                                                                                                          • CreateSolidBrush.GDI32(00000000), ref: 009871CF
                                                                                                                                                                                                          • FrameRect.USER32(?,?,00000000), ref: 009871DE
                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 009871E5
                                                                                                                                                                                                          • InflateRect.USER32(?,000000FE,000000FE), ref: 00987230
                                                                                                                                                                                                          • FillRect.USER32(?,?,?), ref: 00987262
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00987284
                                                                                                                                                                                                            • Part of subcall function 009873E8: GetSysColor.USER32(00000012), ref: 00987421
                                                                                                                                                                                                            • Part of subcall function 009873E8: SetTextColor.GDI32(?,?), ref: 00987425
                                                                                                                                                                                                            • Part of subcall function 009873E8: GetSysColorBrush.USER32(0000000F), ref: 0098743B
                                                                                                                                                                                                            • Part of subcall function 009873E8: GetSysColor.USER32(0000000F), ref: 00987446
                                                                                                                                                                                                            • Part of subcall function 009873E8: GetSysColor.USER32(00000011), ref: 00987463
                                                                                                                                                                                                            • Part of subcall function 009873E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00987471
                                                                                                                                                                                                            • Part of subcall function 009873E8: SelectObject.GDI32(?,00000000), ref: 00987482
                                                                                                                                                                                                            • Part of subcall function 009873E8: SetBkColor.GDI32(?,00000000), ref: 0098748B
                                                                                                                                                                                                            • Part of subcall function 009873E8: SelectObject.GDI32(?,?), ref: 00987498
                                                                                                                                                                                                            • Part of subcall function 009873E8: InflateRect.USER32(?,000000FF,000000FF), ref: 009874B7
                                                                                                                                                                                                            • Part of subcall function 009873E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009874CE
                                                                                                                                                                                                            • Part of subcall function 009873E8: GetWindowLongW.USER32(00000000,000000F0), ref: 009874DB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4124339563-0
                                                                                                                                                                                                          • Opcode ID: 95733e31c183824fff1067c40138b19a96ffbb6078d4a959ed3ab67046c71467
                                                                                                                                                                                                          • Instruction ID: 3f0adc9b696bedbbb3306922501e6b0e02e0fce4515e31d162c9ca5ed9a7a555
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95733e31c183824fff1067c40138b19a96ffbb6078d4a959ed3ab67046c71467
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3A194B201C301BFDB10AF64DC48E5BBBA9FF49321F100A19F562962E1D775D944DB61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DestroyWindow.USER32(00000000), ref: 0097273E
                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0097286A
                                                                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 009728A9
                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 009728B9
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00972900
                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 0097290C
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00972955
                                                                                                                                                                                                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00972964
                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 00972974
                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00972978
                                                                                                                                                                                                          • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00972988
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00972991
                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0097299A
                                                                                                                                                                                                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 009729C6
                                                                                                                                                                                                          • SendMessageW.USER32(00000030,00000000,00000001), ref: 009729DD
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00972A1D
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00972A31
                                                                                                                                                                                                          • SendMessageW.USER32(00000404,00000001,00000000), ref: 00972A42
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00972A77
                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 00972A82
                                                                                                                                                                                                          • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00972A8D
                                                                                                                                                                                                          • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00972A97
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                          • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                          • API String ID: 2910397461-517079104
                                                                                                                                                                                                          • Opcode ID: 111626495e5170a6ef901c547381e127ae92398abf0dd2121448fd3ae645f188
                                                                                                                                                                                                          • Instruction ID: 4e09b3cabe886acce8ab8d88a3c4f731a2b844004795c36ce44aee036334973a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 111626495e5170a6ef901c547381e127ae92398abf0dd2121448fd3ae645f188
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49B15DB1A10209AFEB14DF68CD89FAE7BA9FB48714F008114FA15E7291D774ED40CBA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 00964AED
                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,0098CB68,?,\\.\,0098CC08), ref: 00964BCA
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,0098CB68,?,\\.\,0098CC08), ref: 00964D36
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode$DriveType
                                                                                                                                                                                                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                          • API String ID: 2907320926-4222207086
                                                                                                                                                                                                          • Opcode ID: d83d787d9953eed367a02fb5d0abb41353040e7ae26cc58fec98fbc1dfe82701
                                                                                                                                                                                                          • Instruction ID: 262c5702510c735129a318bb0ee381e7b5fc3a2fb85b7027a027fd7ae15e6651
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d83d787d9953eed367a02fb5d0abb41353040e7ae26cc58fec98fbc1dfe82701
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1061C17060520A9BCB14DFA8CA819FD7BA4EF84354B248815F886EB391DB3DFD41DB42
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSysColor.USER32(00000012), ref: 00987421
                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 00987425
                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 0098743B
                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00987446
                                                                                                                                                                                                          • CreateSolidBrush.GDI32(?), ref: 0098744B
                                                                                                                                                                                                          • GetSysColor.USER32(00000011), ref: 00987463
                                                                                                                                                                                                          • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00987471
                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00987482
                                                                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 0098748B
                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00987498
                                                                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 009874B7
                                                                                                                                                                                                          • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009874CE
                                                                                                                                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 009874DB
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0098752A
                                                                                                                                                                                                          • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00987554
                                                                                                                                                                                                          • InflateRect.USER32(?,000000FD,000000FD), ref: 00987572
                                                                                                                                                                                                          • DrawFocusRect.USER32(?,?), ref: 0098757D
                                                                                                                                                                                                          • GetSysColor.USER32(00000011), ref: 0098758E
                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00987596
                                                                                                                                                                                                          • DrawTextW.USER32(?,009870F5,000000FF,?,00000000), ref: 009875A8
                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 009875BF
                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 009875CA
                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 009875D0
                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 009875D5
                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 009875DB
                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 009875E5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1996641542-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00981128
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0098113D
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00981144
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00981199
                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 009811B9
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009811ED
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0098120B
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0098121D
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000421,?,?), ref: 00981232
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00981245
                                                                                                                                                                                                          • IsWindowVisible.USER32(00000000), ref: 009812A1
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 009812BC
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 009812D0
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 009812E8
                                                                                                                                                                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 0098130E
                                                                                                                                                                                                          • GetMonitorInfoW.USER32(00000000,?), ref: 00981328
                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 0098133F
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000), ref: 009813AA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                          • String ID: ($0$tooltips_class32
                                                                                                                                                                                                          • API String ID: 698492251-4156429822
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 009802E5
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0098031F
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00980389
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009803F1
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00980475
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 009804C5
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00980504
                                                                                                                                                                                                            • Part of subcall function 0090F9F2: _wcslen.LIBCMT ref: 0090F9FD
                                                                                                                                                                                                            • Part of subcall function 0095223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00952258
                                                                                                                                                                                                            • Part of subcall function 0095223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0095228A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                          • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                          • API String ID: 1103490817-719923060
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00908968
                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000007), ref: 00908970
                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0090899B
                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000008), ref: 009089A3
                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000004), ref: 009089C8
                                                                                                                                                                                                          • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 009089E5
                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 009089F5
                                                                                                                                                                                                          • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00908A28
                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00908A3C
                                                                                                                                                                                                          • GetClientRect.USER32(00000000,000000FF), ref: 00908A5A
                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 00908A76
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 00908A81
                                                                                                                                                                                                            • Part of subcall function 0090912D: GetCursorPos.USER32(?), ref: 00909141
                                                                                                                                                                                                            • Part of subcall function 0090912D: ScreenToClient.USER32(00000000,?), ref: 0090915E
                                                                                                                                                                                                            • Part of subcall function 0090912D: GetAsyncKeyState.USER32(00000001), ref: 00909183
                                                                                                                                                                                                            • Part of subcall function 0090912D: GetAsyncKeyState.USER32(00000002), ref: 0090919D
                                                                                                                                                                                                          • SetTimer.USER32(00000000,00000000,00000028,009090FC), ref: 00908AA8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                          • String ID: AutoIt v3 GUI
                                                                                                                                                                                                          • API String ID: 1458621304-248962490
                                                                                                                                                                                                          • Opcode ID: 14108ad2d1ee3ba21aea264cd9f39f77fde968b46b44f5d295f68bcbae9cbab8
                                                                                                                                                                                                          • Instruction ID: f69f1c145630e0aa379951642de7ef0f915dbca2a4a4937090a5494c8ba4db48
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14108ad2d1ee3ba21aea264cd9f39f77fde968b46b44f5d295f68bcbae9cbab8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CB158B1A0420AAFDF14DFA8DC55FAA3BB5FB49314F104229FA15A72D0DB34E840DB65
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 009510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00951114
                                                                                                                                                                                                            • Part of subcall function 009510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951120
                                                                                                                                                                                                            • Part of subcall function 009510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 0095112F
                                                                                                                                                                                                            • Part of subcall function 009510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951136
                                                                                                                                                                                                            • Part of subcall function 009510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0095114D
                                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00950DF5
                                                                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00950E29
                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00950E40
                                                                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00950E7A
                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00950E96
                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00950EAD
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00950EB5
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00950EBC
                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00950EDD
                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000), ref: 00950EE4
                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00950F13
                                                                                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00950F35
                                                                                                                                                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00950F47
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950F6E
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00950F75
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950F7E
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00950F85
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950F8E
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00950F95
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00950FA1
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00950FA8
                                                                                                                                                                                                            • Part of subcall function 00951193: GetProcessHeap.KERNEL32(00000008,00950BB1,?,00000000,?,00950BB1,?), ref: 009511A1
                                                                                                                                                                                                            • Part of subcall function 00951193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00950BB1,?), ref: 009511A8
                                                                                                                                                                                                            • Part of subcall function 00951193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00950BB1,?), ref: 009511B7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4175595110-0
                                                                                                                                                                                                          • Opcode ID: a2e6a4249d1b9b5ba76972e0032776b952e069da5ce18a9305c7c744843ec6be
                                                                                                                                                                                                          • Instruction ID: 3e4e3351e165f7619d4979ee456111e0c6ef2cc5932055ae363ecbfa7001911b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2e6a4249d1b9b5ba76972e0032776b952e069da5ce18a9305c7c744843ec6be
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B715AB290420AABDF20DFA5DC49FAEBBBCBF44742F144115FD19A6291D7319A09CB70
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0097C4BD
                                                                                                                                                                                                          • RegCreateKeyExW.ADVAPI32(?,?,00000000,0098CC08,00000000,?,00000000,?,?), ref: 0097C544
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0097C5A4
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0097C5F4
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0097C66F
                                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0097C6B2
                                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0097C7C1
                                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0097C84D
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0097C881
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0097C88E
                                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0097C960
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                          • API String ID: 9721498-966354055
                                                                                                                                                                                                          • Opcode ID: 5f156b3e79ccca837ef704e3e582bf7e4b8cf8f663ccad402856ab5df7a53f6e
                                                                                                                                                                                                          • Instruction ID: 5debf7d666aa3b01c979d5e75a300d40d30f2c2c1b512646fdfd8edf08513d86
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f156b3e79ccca837ef704e3e582bf7e4b8cf8f663ccad402856ab5df7a53f6e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13126A756042059FDB14DF28C881B6AB7E5FF88714F14885CF98A9B3A2DB31ED45CB82
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 009809C6
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00980A01
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00980A54
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00980A8A
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00980B06
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00980B81
                                                                                                                                                                                                            • Part of subcall function 0090F9F2: _wcslen.LIBCMT ref: 0090F9FD
                                                                                                                                                                                                            • Part of subcall function 00952BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00952BFA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                          • API String ID: 1103490817-4258414348
                                                                                                                                                                                                          • Opcode ID: 85f5d7d60bdf7ce33ee9a13139c0d538a6a19fcb1607191ced81523e0242abdd
                                                                                                                                                                                                          • Instruction ID: a63a0ef0f6b89d85fae8700d57049a31607023b76beba83db80bb3f5ed61a4ff
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85f5d7d60bdf7ce33ee9a13139c0d538a6a19fcb1607191ced81523e0242abdd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0E19B312087018FCB54EF29C45096AB7E5FFD8354B14895DF8969B3A2DB31EE49CB82
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                          • API String ID: 1256254125-909552448
                                                                                                                                                                                                          • Opcode ID: 6c4fe451a9ebb54fe3746c1d9727756fc94fe1d7d5b44a0994b8280200f8053a
                                                                                                                                                                                                          • Instruction ID: eed677540bd6f3944d282e57d6d46fcefc1c04657b5b57ef2b3062cf9e1df7f2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c4fe451a9ebb54fe3746c1d9727756fc94fe1d7d5b44a0994b8280200f8053a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C71F9B360052A8BCB24DE7CCD516FE3399AFA4764B25852CF85D97284EA35CD45C3A0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0098835A
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0098836E
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00988391
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009883B4
                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 009883F2
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00985BF2), ref: 0098844E
                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00988487
                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009884CA
                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00988501
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 0098850D
                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0098851D
                                                                                                                                                                                                          • DestroyIcon.USER32(?,?,?,?,?,00985BF2), ref: 0098852C
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00988549
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00988555
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                          • String ID: .dll$.exe$.icl
                                                                                                                                                                                                          • API String ID: 799131459-1154884017
                                                                                                                                                                                                          • Opcode ID: 769b15adc53428561c71c2f83b9ec1eb39d297d1023129845a3022c59fce3b4e
                                                                                                                                                                                                          • Instruction ID: 95e27921acb0033e8590c5d9f7c6dc08d01fc56b12858e5e6bb457e767439933
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 769b15adc53428561c71c2f83b9ec1eb39d297d1023129845a3022c59fce3b4e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA61DE72604209BAEB14EF64CC81BBF77ACBF48B21F504609F815D62E1DB74A980D7B0
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                          • API String ID: 0-1645009161
                                                                                                                                                                                                          • Opcode ID: ed12c954a60d2a4f4a17a77a1ab68196423c27097a8b24085a3f37daae31c87e
                                                                                                                                                                                                          • Instruction ID: 0104eec3f4e1d0d4159d76244672175680d5267f33b70f50db5733092811571d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed12c954a60d2a4f4a17a77a1ab68196423c27097a8b24085a3f37daae31c87e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4281B471614209AAEB20BF74CC42FBB37A9FF95344F054024FA05EA196EB70DA51D7A1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CharLowerBuffW.USER32(?,?), ref: 00963EF8
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00963F03
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00963F5A
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00963F98
                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?), ref: 00963FD6
                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0096401E
                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00964059
                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00964087
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                          • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                          • API String ID: 1839972693-4113822522
                                                                                                                                                                                                          • Opcode ID: d2e7dd523e41a5715a78f681bd0f448a6ac712c8e0c265992bf7d7503c69625c
                                                                                                                                                                                                          • Instruction ID: 5f86402c5b65fde04ea1d0c7a4f676bdf8eeeaadffd26db461c97e5b7a662bce
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2e7dd523e41a5715a78f681bd0f448a6ac712c8e0c265992bf7d7503c69625c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3771AD726042169FC310DF38C8809AAB7E8FF94768F10892DFA95D7251EB35EE45CB52
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 00955A2E
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00955A40
                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00955A57
                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 00955A6C
                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00955A72
                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00955A82
                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00955A88
                                                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00955AA9
                                                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00955AC3
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00955ACC
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00955B33
                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00955B6F
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00955B75
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00955B7C
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00955BD3
                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00955BE0
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000005,00000000,?), ref: 00955C05
                                                                                                                                                                                                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00955C2F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 895679908-0
                                                                                                                                                                                                          • Opcode ID: 2e6d48e6d951618dec0b6eeb19d6852f596f5553fb9363165f6439bd1dcdb6bd
                                                                                                                                                                                                          • Instruction ID: a70acaa429d152c717f10e2e3ed04d55996b9f0e0b3d11561ce38eab95dcc015
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e6d48e6d951618dec0b6eeb19d6852f596f5553fb9363165f6439bd1dcdb6bd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8719F71900B05AFCB20DFA9CE59B6EBBF9FF48705F110918E542A36A1D774E904CB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 0096FE27
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8A), ref: 0096FE32
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0096FE3D
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F03), ref: 0096FE48
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8B), ref: 0096FE53
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F01), ref: 0096FE5E
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F81), ref: 0096FE69
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F88), ref: 0096FE74
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F80), ref: 0096FE7F
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F86), ref: 0096FE8A
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F83), ref: 0096FE95
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F85), ref: 0096FEA0
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F82), ref: 0096FEAB
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F84), ref: 0096FEB6
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F04), ref: 0096FEC1
                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 0096FECC
                                                                                                                                                                                                          • GetCursorInfo.USER32(?), ref: 0096FEDC
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0096FF1E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3215588206-0
                                                                                                                                                                                                          • Opcode ID: 9e6f6ea36adce6a6321f60486492bf3c77e16f16a030a97fb3062915b435262b
                                                                                                                                                                                                          • Instruction ID: ae20fb0520b249b2b5690310d73b6f8da14a9e6582fa4dbe4db0692ec98be2c9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e6f6ea36adce6a6321f60486492bf3c77e16f16a030a97fb3062915b435262b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C4135B0D083196ADB10DFBA9C8585EBFE8FF04754B50452AF11DE7281DB789901CF91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 009100C6
                                                                                                                                                                                                            • Part of subcall function 009100ED: InitializeCriticalSectionAndSpinCount.KERNEL32(009C070C,00000FA0,4F1D7D06,?,?,?,?,009323B3,000000FF), ref: 0091011C
                                                                                                                                                                                                            • Part of subcall function 009100ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,009323B3,000000FF), ref: 00910127
                                                                                                                                                                                                            • Part of subcall function 009100ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,009323B3,000000FF), ref: 00910138
                                                                                                                                                                                                            • Part of subcall function 009100ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0091014E
                                                                                                                                                                                                            • Part of subcall function 009100ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0091015C
                                                                                                                                                                                                            • Part of subcall function 009100ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0091016A
                                                                                                                                                                                                            • Part of subcall function 009100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00910195
                                                                                                                                                                                                            • Part of subcall function 009100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 009101A0
                                                                                                                                                                                                          • ___scrt_fastfail.LIBCMT ref: 009100E7
                                                                                                                                                                                                            • Part of subcall function 009100A3: __onexit.LIBCMT ref: 009100A9
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00910122
                                                                                                                                                                                                          • InitializeConditionVariable, xrefs: 00910148
                                                                                                                                                                                                          • kernel32.dll, xrefs: 00910133
                                                                                                                                                                                                          • SleepConditionVariableCS, xrefs: 00910154
                                                                                                                                                                                                          • WakeAllConditionVariable, xrefs: 00910162
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                          • API String ID: 66158676-1714406822
                                                                                                                                                                                                          • Opcode ID: 8c2ac94ab25cabe234175e3e93135774bb0b840f1216c49d8ca048e5004dbd1e
                                                                                                                                                                                                          • Instruction ID: a6e3968cf6949f8a794a76d3341ce14ca2611058cf372599ae3346b8a0a707c4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c2ac94ab25cabe234175e3e93135774bb0b840f1216c49d8ca048e5004dbd1e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5210772B5C704EFD7106B64AC59FAA3398EBC5F54F000129F901E27D1DBB998809BA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                          • API String ID: 176396367-1603158881
                                                                                                                                                                                                          • Opcode ID: c2239995ab177f7dcb50e774f3469820a53ffbd7c37c18d58699cbbcc101c565
                                                                                                                                                                                                          • Instruction ID: c5104a20c1541b79aa53972dd5e7be87d9f50c1cf50f152848bc9ef5cea51bd0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2239995ab177f7dcb50e774f3469820a53ffbd7c37c18d58699cbbcc101c565
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48E1F632A0051AABCB24DF79C4517EDBBB4BF44791F64C529E856E7240EB30AF8D8790
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CharLowerBuffW.USER32(00000000,00000000,0098CC08), ref: 00964527
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0096453B
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00964599
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009645F4
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0096463F
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009646A7
                                                                                                                                                                                                            • Part of subcall function 0090F9F2: _wcslen.LIBCMT ref: 0090F9FD
                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,009B6BF0,00000061), ref: 00964743
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                          • API String ID: 2055661098-1000479233
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,0098CC08), ref: 009740BB
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 009740CD
                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0098CC08), ref: 009740F2
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,0098CC08), ref: 0097413E
                                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028,?,0098CC08), ref: 009741A8
                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000009), ref: 00974262
                                                                                                                                                                                                          • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 009742C8
                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 009742F2
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                          • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                          • API String ID: 354098117-199464113
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetMenuItemCount.USER32(009C1990), ref: 00932F8D
                                                                                                                                                                                                          • GetMenuItemCount.USER32(009C1990), ref: 0093303D
                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00933081
                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0093308A
                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(009C1990,00000000,?,00000000,00000000,00000000), ref: 0093309D
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 009330A9
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          • API String ID: 36266755-4108050209
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,?), ref: 00986DEB
                                                                                                                                                                                                            • Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00986E5F
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00986E81
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00986E94
                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00986EB5
                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,008F0000,00000000), ref: 00986EE4
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00986EFD
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00986F16
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00986F1D
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00986F35
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00986F4D
                                                                                                                                                                                                            • Part of subcall function 00909944: GetWindowLongW.USER32(?,000000EB), ref: 00909952
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                          • String ID: 0$tooltips_class32
                                                                                                                                                                                                          • API String ID: 2429346358-3619404913
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2
                                                                                                                                                                                                          • DragQueryPoint.SHELL32(?,?), ref: 00989147
                                                                                                                                                                                                            • Part of subcall function 00987674: ClientToScreen.USER32(?,?), ref: 0098769A
                                                                                                                                                                                                            • Part of subcall function 00987674: GetWindowRect.USER32(?,?), ref: 00987710
                                                                                                                                                                                                            • Part of subcall function 00987674: PtInRect.USER32(?,?,00988B89), ref: 00987720
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 009891B0
                                                                                                                                                                                                          • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009891BB
                                                                                                                                                                                                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 009891DE
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00989225
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 0098923E
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00989255
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00989277
                                                                                                                                                                                                          • DragFinish.SHELL32(?), ref: 0098927E
                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00989371
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                          • API String ID: 221274066-3440237614
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0096C4B0
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0096C4C3
                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0096C4D7
                                                                                                                                                                                                          • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0096C4F0
                                                                                                                                                                                                          • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0096C533
                                                                                                                                                                                                          • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0096C549
                                                                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0096C554
                                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0096C584
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0096C5DC
                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0096C5F0
                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0096C5FB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3800310941-3916222277
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00988592
                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885A2
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885AD
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885BA
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 009885C8
                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885D7
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 009885E0
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885E7
                                                                                                                                                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885F8
                                                                                                                                                                                                          • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0098FC38,?), ref: 00988611
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00988621
                                                                                                                                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 00988641
                                                                                                                                                                                                          • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00988671
                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00988699
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 009886AF
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3840717409-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VariantInit.OLEAUT32(00000000), ref: 00961502
                                                                                                                                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 0096150B
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00961517
                                                                                                                                                                                                          • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 009615FB
                                                                                                                                                                                                          • VarR8FromDec.OLEAUT32(?,?), ref: 00961657
                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 00961708
                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 0096178C
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 009617D8
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 009617E7
                                                                                                                                                                                                          • VariantInit.OLEAUT32(00000000), ref: 00961823
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                          • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                          • API String ID: 1234038744-3931177956
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 0097C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0097B6AE,?,?), ref: 0097C9B5
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097C9F1
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA68
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA9E
                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0097B6F4
                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0097B772
                                                                                                                                                                                                          • RegDeleteValueW.ADVAPI32(?,?), ref: 0097B80A
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0097B87E
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0097B89C
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0097B8F2
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0097B904
                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 0097B922
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0097B983
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0097B994
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                          • API String ID: 146587525-4033151799
                                                                                                                                                                                                          • Opcode ID: 2ca8badb1c01ffc42babd09dbdb2858a9e0f0bc2f06e5015679fa200a8fecfb6
                                                                                                                                                                                                          • Instruction ID: 3b5acebf57c4d395a3e39a1e107f2008a4f3c863315098d8e61f77eab4f2da01
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ca8badb1c01ffc42babd09dbdb2858a9e0f0bc2f06e5015679fa200a8fecfb6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52C18A71208201AFD714DF28C494F2ABBE5FF84318F14C55CE5AA8B7A2CB75E945CB92
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 009725D8
                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 009725E8
                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 009725F4
                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00972601
                                                                                                                                                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0097266D
                                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 009726AC
                                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 009726D0
                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 009726D8
                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 009726E1
                                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 009726E8
                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,?), ref: 009726F3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                          • API String ID: 2598888154-3887548279
                                                                                                                                                                                                          • Opcode ID: 7dbcc275c3b6b07f7d489a827dd1e1d39cf19aed505582d68aa5e890dd4bd43f
                                                                                                                                                                                                          • Instruction ID: 5232c7f9bc4accc3b83e37ac5cdfe82506e49a9f8fba7b11bb5c61b27d4eab9a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7dbcc275c3b6b07f7d489a827dd1e1d39cf19aed505582d68aa5e890dd4bd43f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E6104B6D14219EFCF14CFA4D884AAEBBB5FF48310F20852AE559A7350D770A941DF60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 0092DAA1
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D659
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D66B
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D67D
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D68F
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6A1
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6B3
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6C5
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6D7
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6E9
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6FB
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D70D
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D71F
                                                                                                                                                                                                            • Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D731
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DA96
                                                                                                                                                                                                            • Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
                                                                                                                                                                                                            • Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DAB8
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DACD
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DAD8
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DAFA
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DB0D
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DB1B
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DB26
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DB5E
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DB65
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DB82
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092DB9A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                                                                                          • Opcode ID: 2821d2ae40e9ac0dc36ef9d4c6fd5d62eb758dcb83326e698496a31c8849a992
                                                                                                                                                                                                          • Instruction ID: e33238caba6dfd653e5e25ea5cc10cc8d52f1bda8a2b7c095cecfa40d3155769
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2821d2ae40e9ac0dc36ef9d4c6fd5d62eb758dcb83326e698496a31c8849a992
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A316836605324AFEB22AB38F945B5AB7EDFF44320F514829E449D7199DF30EC808B60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 0095369C
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009536A7
                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00953797
                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 0095380C
                                                                                                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 0095385D
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00953882
                                                                                                                                                                                                          • GetParent.USER32(?), ref: 009538A0
                                                                                                                                                                                                          • ScreenToClient.USER32(00000000), ref: 009538A7
                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00953921
                                                                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 0095395D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                          • String ID: %s%u
                                                                                                                                                                                                          • API String ID: 4010501982-679674701
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00954994
                                                                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 009549DA
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009549EB
                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,00000000), ref: 009549F7
                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 00954A2C
                                                                                                                                                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00954A64
                                                                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00954A9D
                                                                                                                                                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00954AE6
                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00954B20
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00954B8B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                          • String ID: ThumbnailClass
                                                                                                                                                                                                          • API String ID: 1311036022-1241985126
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00988D5A
                                                                                                                                                                                                          • GetFocus.USER32 ref: 00988D6A
                                                                                                                                                                                                          • GetDlgCtrlID.USER32(00000000), ref: 00988D75
                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00988E1D
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00988ECF
                                                                                                                                                                                                          • GetMenuItemCount.USER32(?), ref: 00988EEC
                                                                                                                                                                                                          • GetMenuItemID.USER32(?,00000000), ref: 00988EFC
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00988F2E
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00988F70
                                                                                                                                                                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00988FA1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          • API String ID: 1026556194-4108050209
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(009C1990,000000FF,00000000,00000030), ref: 0095BFAC
                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(009C1990,00000004,00000000,00000030), ref: 0095BFE1
                                                                                                                                                                                                          • Sleep.KERNEL32(000001F4), ref: 0095BFF3
                                                                                                                                                                                                          • GetMenuItemCount.USER32(?), ref: 0095C039
                                                                                                                                                                                                          • GetMenuItemID.USER32(?,00000000), ref: 0095C056
                                                                                                                                                                                                          • GetMenuItemID.USER32(?,-00000001), ref: 0095C082
                                                                                                                                                                                                          • GetMenuItemID.USER32(?,?), ref: 0095C0C9
                                                                                                                                                                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0095C10F
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0095C124
                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0095C145
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          • API String ID: 1460738036-4108050209
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0095DC20
                                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0095DC46
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0095DC50
                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 0095DCA0
                                                                                                                                                                                                          • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0095DCBC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                          • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                          • API String ID: 1939486746-1459072770
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0097CC64
                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0097CC8D
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0097CD48
                                                                                                                                                                                                            • Part of subcall function 0097CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0097CCAA
                                                                                                                                                                                                            • Part of subcall function 0097CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0097CCBD
                                                                                                                                                                                                            • Part of subcall function 0097CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0097CCCF
                                                                                                                                                                                                            • Part of subcall function 0097CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0097CD05
                                                                                                                                                                                                            • Part of subcall function 0097CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0097CD28
                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 0097CCF3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                          • API String ID: 2734957052-4033151799
                                                                                                                                                                                                          • Opcode ID: ba7ba82b78331447987e6318cd224b8fd11595acd36345738281ce09a78da542
                                                                                                                                                                                                          • Instruction ID: a3a17ecf5c42864e3c44d419614ac9f519e3b395e3dd01d7149dd995654a6f86
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba7ba82b78331447987e6318cd224b8fd11595acd36345738281ce09a78da542
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C03161B2905129BBDB218F54DC88EFFBB7CEF45750F004569B909E2240D7749A45EBB0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00963D40
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00963D6D
                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 00963D9D
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00963DBE
                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?), ref: 00963DCE
                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00963E55
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00963E60
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00963E6B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                          • String ID: :$\$\??\%s
                                                                                                                                                                                                          • API String ID: 1149970189-3457252023
                                                                                                                                                                                                          • Opcode ID: dcb099745c58e30b0bba8ad10474fc18a5b571699b6a854199a8a1f3d6e2056c
                                                                                                                                                                                                          • Instruction ID: 28ae503a20461fdb5ffa4df027454318efb0aa5abd2785ad3439a9afec5cc735
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dcb099745c58e30b0bba8ad10474fc18a5b571699b6a854199a8a1f3d6e2056c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 843192B1A14209ABDB219BA0DC49FEF77BCEF89700F1081B6F519D61A0E77497449B34
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 0095E6B4
                                                                                                                                                                                                            • Part of subcall function 0090E551: timeGetTime.WINMM(?,?,0095E6D4), ref: 0090E555
                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 0095E6E1
                                                                                                                                                                                                          • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0095E705
                                                                                                                                                                                                          • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0095E727
                                                                                                                                                                                                          • SetActiveWindow.USER32 ref: 0095E746
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0095E754
                                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0095E773
                                                                                                                                                                                                          • Sleep.KERNEL32(000000FA), ref: 0095E77E
                                                                                                                                                                                                          • IsWindow.USER32 ref: 0095E78A
                                                                                                                                                                                                          • EndDialog.USER32(00000000), ref: 0095E79B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                          • String ID: BUTTON
                                                                                                                                                                                                          • API String ID: 1194449130-3405671355
                                                                                                                                                                                                          • Opcode ID: 5f38b6d0aaf60d9851c626466f4242624a611c1092e551da90a3cb8a809333fd
                                                                                                                                                                                                          • Instruction ID: a2925b1e278bb4cbb1379261161cdf636ae673c3399e795296688a9b74868b88
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f38b6d0aaf60d9851c626466f4242624a611c1092e551da90a3cb8a809333fd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D42193B0628245AFEB049F21EDC9F293B6DFB5538AF100425F855812A1DF76AD08BB34
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0095EA5D
                                                                                                                                                                                                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0095EA73
                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0095EA84
                                                                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0095EA96
                                                                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0095EAA7
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: SendString$_wcslen
                                                                                                                                                                                                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                          • API String ID: 2420728520-1007645807
                                                                                                                                                                                                          • Opcode ID: 537fef522250c080a2df99891a0ee66085cc136f632d3f23d4702c78fdfca87a
                                                                                                                                                                                                          • Instruction ID: 8a9e4c992a7d7706be258b2c83143a5693abb698820d7fd11a729088f2dbe4dc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 537fef522250c080a2df99891a0ee66085cc136f632d3f23d4702c78fdfca87a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF117332A5022D79D724E7B6DD4AEFF6A7CFBD1B54F000429B911E20D1EEB01A49C6B1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0095A012
                                                                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 0095A07D
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 0095A09D
                                                                                                                                                                                                          • GetKeyState.USER32(000000A0), ref: 0095A0B4
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 0095A0E3
                                                                                                                                                                                                          • GetKeyState.USER32(000000A1), ref: 0095A0F4
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000011), ref: 0095A120
                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 0095A12E
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000012), ref: 0095A157
                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 0095A165
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 0095A18E
                                                                                                                                                                                                          • GetKeyState.USER32(0000005B), ref: 0095A19C
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: State$Async$Keyboard
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 541375521-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00955CE2
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00955CFB
                                                                                                                                                                                                          • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00955D59
                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00955D69
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00955D7B
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00955DCF
                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00955DDD
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00955DEF
                                                                                                                                                                                                          • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00955E31
                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 00955E44
                                                                                                                                                                                                          • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00955E5A
                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00955E67
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3096461208-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00908F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00908BE8,?,00000000,?,?,?,?,00908BBA,00000000,?), ref: 00908FC5
                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00908C81
                                                                                                                                                                                                          • KillTimer.USER32(00000000,?,?,?,?,00908BBA,00000000,?), ref: 00908D1B
                                                                                                                                                                                                          • DestroyAcceleratorTable.USER32(00000000), ref: 00946973
                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00908BBA,00000000,?), ref: 009469A1
                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00908BBA,00000000,?), ref: 009469B8
                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00908BBA,00000000), ref: 009469D4
                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 009469E6
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 641708696-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909944: GetWindowLongW.USER32(?,000000EB), ref: 00909952
                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00909862
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ColorLongWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 259745315-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0093F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00959717
                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,0093F7F8,00000001), ref: 00959720
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0093F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00959742
                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,0093F7F8,00000001), ref: 00959745
                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00959866
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                          • API String ID: 747408836-2268648507
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A
                                                                                                                                                                                                          • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 009507A2
                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 009507BE
                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 009507DA
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00950804
                                                                                                                                                                                                          • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0095082C
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00950837
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0095083C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                          • API String ID: 323675364-22481851
                                                                                                                                                                                                          • Opcode ID: 8cb0cb623b7b81cb3d09124f75d2d57d1d060d3fbd6af143467f255ca062f2e0
                                                                                                                                                                                                          • Instruction ID: 7908a32b37c355c3743e705cff2185c4a2f1a5a470fefa3d5f617b01ebc5fa4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8cb0cb623b7b81cb3d09124f75d2d57d1d060d3fbd6af143467f255ca062f2e0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F4107B281022DABDF15EFA4DC85DEDB778FF44390F154129E915A3260EB709E04CBA1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0098403B
                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 00984042
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00984055
                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0098405D
                                                                                                                                                                                                          • GetPixel.GDI32(00000000,00000000,00000000), ref: 00984068
                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 00984072
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 0098407C
                                                                                                                                                                                                          • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00984092
                                                                                                                                                                                                          • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0098409E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                          • API String ID: 2559357485-2160076837
                                                                                                                                                                                                          • Opcode ID: 0d444547957388ffc84270a72131d27cb71ec2af63bfbfdca01bed1035f7ae09
                                                                                                                                                                                                          • Instruction ID: b81176804657aa1daae71224ffefd282b7c7e5608c209c6a4ebdd6626a252da5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d444547957388ffc84270a72131d27cb71ec2af63bfbfdca01bed1035f7ae09
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0317C72514216BBDF21AFA4DC48FDB3B69EF0D724F100211FA14E62A0D735D820EBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 00973C5C
                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00973C8A
                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 00973C94
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00973D2D
                                                                                                                                                                                                          • GetRunningObjectTable.OLE32(00000000,?), ref: 00973DB1
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,00000029), ref: 00973ED5
                                                                                                                                                                                                          • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00973F0E
                                                                                                                                                                                                          • CoGetObject.OLE32(?,00000000,0098FB98,?), ref: 00973F2D
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000), ref: 00973F40
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00973FC4
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00973FD8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 429561992-0
                                                                                                                                                                                                          • Opcode ID: ec1ac35f7808a8a5ea97e5d4920840b124d2fce94340a695568c65e01ac10db7
                                                                                                                                                                                                          • Instruction ID: 1090de533341124b4575f10d278ddc70a6f13b9b99c67576e2e4ad7dcca0c8e1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec1ac35f7808a8a5ea97e5d4920840b124d2fce94340a695568c65e01ac10db7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AAC144B26083059FD710DF68C88492BBBE9FF89744F10891DF98A9B250D731EE05DB62
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00967AF3
                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00967B8F
                                                                                                                                                                                                          • SHGetDesktopFolder.SHELL32(?), ref: 00967BA3
                                                                                                                                                                                                          • CoCreateInstance.OLE32(0098FD08,00000000,00000001,009B6E6C,?), ref: 00967BEF
                                                                                                                                                                                                          • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00967C74
                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?,?), ref: 00967CCC
                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00967D57
                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00967D7A
                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00967D81
                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00967DD6
                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 00967DDC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2762341140-0
                                                                                                                                                                                                          • Opcode ID: 92690a38530d3c0ea8d7ce17da7f97e22f8f40fdb359b240d0edc0ed6be68969
                                                                                                                                                                                                          • Instruction ID: b77cb1c48027d24065fbfe1345c20f8e80dee4cff11bbede27ce95c31346c7a5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92690a38530d3c0ea8d7ce17da7f97e22f8f40fdb359b240d0edc0ed6be68969
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0C11A75A04109AFDB14DFA4C894DAEBBF9FF48308B148499E91ADB361D730EE45CB90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00985504
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00985515
                                                                                                                                                                                                          • CharNextW.USER32(00000158), ref: 00985544
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00985585
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0098559B
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 009855AC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$CharNext
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1350042424-0
                                                                                                                                                                                                          • Opcode ID: 4a28a3a87745c3bcefacd611732694d23ea0302d5f045a05a9053678ae601aeb
                                                                                                                                                                                                          • Instruction ID: 14f88c5dd1126c1649991d63a3ddc6ad2358e0bdf197ec8afb0aa524f0f86051
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a28a3a87745c3bcefacd611732694d23ea0302d5f045a05a9053678ae601aeb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8561BC70904609EBDF10AFA0CC84EFE7BB9EF09321F114455F925AB3A0D7348A88DB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0094FAAF
                                                                                                                                                                                                          • SafeArrayAllocData.OLEAUT32(?), ref: 0094FB08
                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0094FB1A
                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 0094FB3A
                                                                                                                                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 0094FB8D
                                                                                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 0094FBA1
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0094FBB6
                                                                                                                                                                                                          • SafeArrayDestroyData.OLEAUT32(?), ref: 0094FBC3
                                                                                                                                                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0094FBCC
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0094FBDE
                                                                                                                                                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0094FBE9
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2706829360-0
                                                                                                                                                                                                          • Opcode ID: 1c7803eb391d521aea4a34649f5054ca037e202dbbb5e2e91efe3d90cab0ea99
                                                                                                                                                                                                          • Instruction ID: f2c4006e747002eb09cc9e738e38b43c8f648e5ab44ede4ce1629c65fbeceb61
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c7803eb391d521aea4a34649f5054ca037e202dbbb5e2e91efe3d90cab0ea99
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2415175A0421A9FCB00DF68D864DAEBBB9FF48344F008069E906A7361DB30A945CBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 00959CA1
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00959D22
                                                                                                                                                                                                          • GetKeyState.USER32(000000A0), ref: 00959D3D
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 00959D57
                                                                                                                                                                                                          • GetKeyState.USER32(000000A1), ref: 00959D6C
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000011), ref: 00959D84
                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00959D96
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000012), ref: 00959DAE
                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 00959DC0
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 00959DD8
                                                                                                                                                                                                          • GetKeyState.USER32(0000005B), ref: 00959DEA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: State$Async$Keyboard
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 541375521-0
                                                                                                                                                                                                          • Opcode ID: 868e3919e5c3be86ab0ed951fbcf0201c92ecf8b55bb535c03f6be7175e20ed5
                                                                                                                                                                                                          • Instruction ID: 668f2f36bcf98d1239bace2a4841fd930be14bc7fa9932e5fad7abe5b770c870
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 868e3919e5c3be86ab0ed951fbcf0201c92ecf8b55bb535c03f6be7175e20ed5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C741B8745087C9ADFF31D762C8043B5BEB86F11345F04805AEEC65A6C2E7A599CCC7A2
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • WSAStartup.WSOCK32(00000101,?), ref: 009705BC
                                                                                                                                                                                                          • inet_addr.WSOCK32(?), ref: 0097061C
                                                                                                                                                                                                          • gethostbyname.WSOCK32(?), ref: 00970628
                                                                                                                                                                                                          • IcmpCreateFile.IPHLPAPI ref: 00970636
                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 009706C6
                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 009706E5
                                                                                                                                                                                                          • IcmpCloseHandle.IPHLPAPI(?), ref: 009707B9
                                                                                                                                                                                                          • WSACleanup.WSOCK32 ref: 009707BF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                          • String ID: Ping
                                                                                                                                                                                                          • API String ID: 1028309954-2246546115
                                                                                                                                                                                                          • Opcode ID: 01b2261b05a6b0733d17f1d65ba56e5c619958d32aaaaaf7b55a2f1e3ce10df6
                                                                                                                                                                                                          • Instruction ID: aeb0d86a1104caf0b23f442e3909163f92bbab6a3ca92ed929f9be2cb7ccd75d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01b2261b05a6b0733d17f1d65ba56e5c619958d32aaaaaf7b55a2f1e3ce10df6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7916B76608201DFD324DF29C889B1ABBE4AF84318F14C5A9F5698B7A2C734ED45CF91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                          • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                          • API String ID: 707087890-567219261
                                                                                                                                                                                                          • Opcode ID: 6fb339d4150caf921163ff64ab0fae888470ec95f773c12b6f099f3d678b410a
                                                                                                                                                                                                          • Instruction ID: 86ca3693c95bccbd73f5a73ec8248d4433f303c6eb226eac66103603500caa08
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fb339d4150caf921163ff64ab0fae888470ec95f773c12b6f099f3d678b410a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B651C532A401169BCF24EF6CC9459BFB7A9FF64764B208629E52AE72C0DB34DD40C791
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CoInitialize.OLE32 ref: 00973774
                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 0097377F
                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000017,0098FB78,?), ref: 009737D9
                                                                                                                                                                                                          • IIDFromString.OLE32(?,?), ref: 0097384C
                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 009738E4
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00973936
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                          • API String ID: 636576611-1287834457
                                                                                                                                                                                                          • Opcode ID: 3b90c1a60232cb30bb67a8f6a890b50b58f242e393ede4ac9ffd357ef66a3e01
                                                                                                                                                                                                          • Instruction ID: dfc346d3beff854e98abd83b27714aff3e4f430416632437132d4341a45fe38a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b90c1a60232cb30bb67a8f6a890b50b58f242e393ede4ac9ffd357ef66a3e01
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B619272608301AFD310DF64C849FAAB7E8EF88714F108909F98997291D770EE48DB93
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 009633CF
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                          • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 009633F0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LoadString$_wcslen
                                                                                                                                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                          • API String ID: 4099089115-3080491070
                                                                                                                                                                                                          • Opcode ID: ba94fb957ef83a99d01f67ccd9ceab0732c7f9ca2b3618ee14367782a3b87aa3
                                                                                                                                                                                                          • Instruction ID: ab4624af9455a39a30c1de8246a7d7706d1248daa299a5cb1e35c4acc1683cbd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba94fb957ef83a99d01f67ccd9ceab0732c7f9ca2b3618ee14367782a3b87aa3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81518E71900209AADF15EBA4DD42EFEB778FF44344F204165F509B21A2EB352F58DB61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                          • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                          • API String ID: 1256254125-769500911
                                                                                                                                                                                                          • Opcode ID: 2f1c4893b4f873fd23932cb2e59e96e6c92ea838347fb839bd5848af6e1e13a5
                                                                                                                                                                                                          • Instruction ID: 9bb5d36fa58d6bc445ce2ee63726ba5cefef02bbcd2cf8cf77a54cf55e6b438a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f1c4893b4f873fd23932cb2e59e96e6c92ea838347fb839bd5848af6e1e13a5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A412B32A021278BCB20DF7EC8905BE77A9BFA0775B244129ED21DB284E735CD85C790
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0095BCFD
                                                                                                                                                                                                          • IsMenu.USER32(00000000), ref: 0095BD1D
                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 0095BD53
                                                                                                                                                                                                          • GetMenuItemCount.USER32(Y), ref: 0095BDA4
                                                                                                                                                                                                          • InsertMenuItemW.USER32(Y,?,00000001,00000030), ref: 0095BDCC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                          • String ID: 0$2$Y$Y
                                                                                                                                                                                                          • API String ID: 93392585-3409943544
                                                                                                                                                                                                          • Opcode ID: cc0084d94429c23fd7421612b2119dea56e4cbb28726407fa15963a8fa5b8f4f
                                                                                                                                                                                                          • Instruction ID: a9dba369948a3a9d26a254282339c69347eb791c52fc2676d8367ec09e770bf9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc0084d94429c23fd7421612b2119dea56e4cbb28726407fa15963a8fa5b8f4f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D451DFB0A042099BDF10CFAAD888BAEBBF8BF85316F144519FD11D72D0D7749949CB61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 009653A0
                                                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00965416
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00965420
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,READY), ref: 009654A7
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                          • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                          • API String ID: 4194297153-14809454
                                                                                                                                                                                                          • Opcode ID: 534c52991ffe3c922cf267394fdb3e42726640254c575732ca7554f2365dac73
                                                                                                                                                                                                          • Instruction ID: 9205493a4e7bad51c41fc953391ec01695b2ed78684c25296b23d1e028734fb1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 534c52991ffe3c922cf267394fdb3e42726640254c575732ca7554f2365dac73
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B431C375A006049FC710DF68C984BAA7BF8FF44305F1580A5E505CB3A2DB75ED86CBA1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateMenu.USER32 ref: 00983C79
                                                                                                                                                                                                          • SetMenu.USER32(?,00000000), ref: 00983C88
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00983D10
                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00983D24
                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 00983D2E
                                                                                                                                                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00983D5B
                                                                                                                                                                                                          • DrawMenuBar.USER32 ref: 00983D63
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                          • String ID: 0$F
                                                                                                                                                                                                          • API String ID: 161812096-3044882817
                                                                                                                                                                                                          • Opcode ID: f318d7a44754a79fcf73969f1b73ba8febb946022326b22887a9d91c8ad88d61
                                                                                                                                                                                                          • Instruction ID: 26a4c1157309fa7c25ff1c564e0a660139889c7645e03808e268a16ec40b1a92
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f318d7a44754a79fcf73969f1b73ba8febb946022326b22887a9d91c8ad88d61
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5418BB5A05209AFDF14DF64E844EAA7BB9FF49710F148028F946973A0D730AA10DFA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00951F64
                                                                                                                                                                                                          • GetDlgCtrlID.USER32 ref: 00951F6F
                                                                                                                                                                                                          • GetParent.USER32 ref: 00951F8B
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00951F8E
                                                                                                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 00951F97
                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00951FAB
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00951FAE
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                          • API String ID: 711023334-1403004172
                                                                                                                                                                                                          • Opcode ID: c9eac8241bade63b82c145d02e5e569704b05e5f5757044fea25c72f769e6573
                                                                                                                                                                                                          • Instruction ID: 492ae8313c2f717a1d99f7311ff8dc797ce3ce5f6e5ebab9bc9dcab4216bf3be
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9eac8241bade63b82c145d02e5e569704b05e5f5757044fea25c72f769e6573
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9121BEB0910218BBCF04EFA5DC85AFEBBB8EF05350B104125FDA1A72A1DB395908DB70
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00952043
                                                                                                                                                                                                          • GetDlgCtrlID.USER32 ref: 0095204E
                                                                                                                                                                                                          • GetParent.USER32 ref: 0095206A
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 0095206D
                                                                                                                                                                                                          • GetDlgCtrlID.USER32(?), ref: 00952076
                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0095208A
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 0095208D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                          • API String ID: 711023334-1403004172
                                                                                                                                                                                                          • Opcode ID: a705e6aabc15c1116a536dde8ff970039180f9e64268d4f6d8f5b24cb318d9ae
                                                                                                                                                                                                          • Instruction ID: d9c6635f763243ee5e22528c34119a9390a030f975ad35cc292f767f342f9ac5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a705e6aabc15c1116a536dde8ff970039180f9e64268d4f6d8f5b24cb318d9ae
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF21CFB1910218BBCF10EFB5DC85EFEBBB8EF05340F104415F991A72A1DA794918DB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00983A9D
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00983AA0
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00983AC7
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00983AEA
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00983B62
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00983BAC
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00983BC7
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00983BE2
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00983BF6
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00983C13
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$LongWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 312131281-0
                                                                                                                                                                                                          • Opcode ID: ba61ce714ca0bcc61f34e39b545909cb996a8e5a30e5aa0c94df9f2a50727ede
                                                                                                                                                                                                          • Instruction ID: 0cd07ecf7d8c53f3f112bba210f6abcaec9ffcf2a3d4e31b8669074a8bd161f6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba61ce714ca0bcc61f34e39b545909cb996a8e5a30e5aa0c94df9f2a50727ede
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC615BB5900248AFDB10EFA8CC81EEE77B8EB49710F104199FA15A73A2D774AE45DB50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922C94
                                                                                                                                                                                                            • Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
                                                                                                                                                                                                            • Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922CA0
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922CAB
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922CB6
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922CC1
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922CCC
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922CD7
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922CE2
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922CED
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922CFB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                          • Opcode ID: 37f1cfe6a52109efe0edd2d872979f6fc96b09b171b4a46b45b91dfacce6abdd
                                                                                                                                                                                                          • Instruction ID: d50a36f45a289bfcfccb32b58fb46d94512f5468e9c2a8c2dcd32aff97db204a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37f1cfe6a52109efe0edd2d872979f6fc96b09b171b4a46b45b91dfacce6abdd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D311CB7A100118BFCB02EF54E942DDD3BA5FF49350F8144A5F9485F236D631EE909B90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00967FAD
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00967FC1
                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 00967FEB
                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00968005
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00968017
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00968060
                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009680B0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                          • API String ID: 769691225-438819550
                                                                                                                                                                                                          • Opcode ID: 21d3fba86f439bb5fb98dab8a775f92d3db6ce5126ced7ea9788399c964fab1d
                                                                                                                                                                                                          • Instruction ID: 7287129dba5814a5acd27fba074c09c0d027560e50c1bb9e55fa2ccf3e2a85dd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 21d3fba86f439bb5fb98dab8a775f92d3db6ce5126ced7ea9788399c964fab1d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8481A1725082459BCB21DFA4C844AAAF3E8FF88314F544D5EF885D7260EB36DD49CB52
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EB), ref: 008F5C7A
                                                                                                                                                                                                            • Part of subcall function 008F5D0A: GetClientRect.USER32(?,?), ref: 008F5D30
                                                                                                                                                                                                            • Part of subcall function 008F5D0A: GetWindowRect.USER32(?,?), ref: 008F5D71
                                                                                                                                                                                                            • Part of subcall function 008F5D0A: ScreenToClient.USER32(?,?), ref: 008F5D99
                                                                                                                                                                                                          • GetDC.USER32 ref: 009346F5
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00934708
                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00934716
                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0093472B
                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00934733
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 009347C4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                          • API String ID: 4009187628-3372436214
                                                                                                                                                                                                          • Opcode ID: e8747977d54d2ef9b6136adeea6829713d2adc4e720838f81072221ba1eefe88
                                                                                                                                                                                                          • Instruction ID: 633ded57fb7c9edd946875526c2fd4580eba8088cb6136c9d7e5d6b19f8988a8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8747977d54d2ef9b6136adeea6829713d2adc4e720838f81072221ba1eefe88
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82710331404209DFCF21CF64CD85ABA3BB9FF4A354F154269EE569A2A6C730AC91DF60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 009635E4
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                          • LoadStringW.USER32(009C2390,?,00000FFF,?), ref: 0096360A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LoadString$_wcslen
                                                                                                                                                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                          • API String ID: 4099089115-2391861430
                                                                                                                                                                                                          • Opcode ID: 2088c1986cd09e5698e6cf437eb8f9abf9f7aeaf1ef97c7cdae5afe7a69b44e5
                                                                                                                                                                                                          • Instruction ID: 175a3bc26e5a122b4ba9bd18cb521d00a995dced9aaafd0c9ad67091cc3106b0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2088c1986cd09e5698e6cf437eb8f9abf9f7aeaf1ef97c7cdae5afe7a69b44e5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1516B71800209AADF15EBA4DD42EEEBB78FF44354F144125F605B21A2EB302B98DB61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2
                                                                                                                                                                                                            • Part of subcall function 0090912D: GetCursorPos.USER32(?), ref: 00909141
                                                                                                                                                                                                            • Part of subcall function 0090912D: ScreenToClient.USER32(00000000,?), ref: 0090915E
                                                                                                                                                                                                            • Part of subcall function 0090912D: GetAsyncKeyState.USER32(00000001), ref: 00909183
                                                                                                                                                                                                            • Part of subcall function 0090912D: GetAsyncKeyState.USER32(00000002), ref: 0090919D
                                                                                                                                                                                                          • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00988B6B
                                                                                                                                                                                                          • ImageList_EndDrag.COMCTL32 ref: 00988B71
                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 00988B77
                                                                                                                                                                                                          • SetWindowTextW.USER32(?,00000000), ref: 00988C12
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00988C25
                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00988CFF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                          • API String ID: 1924731296-2107944366
                                                                                                                                                                                                          • Opcode ID: f07c30d296cf4a71f25b9a9f3f6cc5cad38ea51acb1f1b81caac92f531798c8b
                                                                                                                                                                                                          • Instruction ID: 5ca598cec438dbaaecea8989014f34cf3e9f7d19f409700940cf19713d30094b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f07c30d296cf4a71f25b9a9f3f6cc5cad38ea51acb1f1b81caac92f531798c8b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E519CB0608304AFD714EF24DC56FAA77E4FB88754F40062DF996A72E2DB709904CB62
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0096C272
                                                                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0096C29A
                                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0096C2CA
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0096C322
                                                                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 0096C336
                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 0096C341
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3113390036-3916222277
                                                                                                                                                                                                          • Opcode ID: f24fbb1ce642b92823acc66217388623d0a33b59b040c08ddc90703710121110
                                                                                                                                                                                                          • Instruction ID: 729f4a2487b8591a73e255d642e845df3125bc680e9261e81c091976f1944eb3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f24fbb1ce642b92823acc66217388623d0a33b59b040c08ddc90703710121110
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 323169F1604208AFD7219FA49888EBB7AFCEB49784B10851EF49A92300DB34DD049B70
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00933AAF,?,?,Bad directive syntax error,0098CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 009598BC
                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,00933AAF,?), ref: 009598C3
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00959987
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                          • API String ID: 858772685-4153970271
                                                                                                                                                                                                          • Opcode ID: e03e1810df90d556fa710c44e83510517a1fa38c84b7f761f6f51d55938f77d4
                                                                                                                                                                                                          • Instruction ID: 4bafc5bd4a7645a03f51f03d1927b3519b0ddbf12f80219c57ae936221d2cc43
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e03e1810df90d556fa710c44e83510517a1fa38c84b7f761f6f51d55938f77d4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4216D3280021EEBDF15EFA4DC16EEE7779FF18345F044429F615A21A2EB35A618DB21
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetParent.USER32 ref: 009520AB
                                                                                                                                                                                                          • GetClassNameW.USER32(00000000,?,00000100), ref: 009520C0
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0095214D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                          • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                          • API String ID: 1290815626-3381328864
                                                                                                                                                                                                          • Opcode ID: c1c2dda39855c2f9eb7e88fe66ccef5a2855b52e8e06bbd9e433fb0b8cf6fd44
                                                                                                                                                                                                          • Instruction ID: 573c000855a31874f50849d1f5b5b6a9a9f5593d589b8f0662f43d45f8e39054
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1c2dda39855c2f9eb7e88fe66ccef5a2855b52e8e06bbd9e433fb0b8cf6fd44
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E911E77678CB17B9F605A321DC06EE7379CCF4A329F210026FE04A50D1FA6558455754
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bf982b24f96bef459839b356fdda287ab9e2355119fe015c6f229d2154033a73
                                                                                                                                                                                                          • Instruction ID: adb7ec2dedade8b378f5ccb0ab5875835762bf6c86304ec77cf8d454ad4e3c61
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf982b24f96bef459839b356fdda287ab9e2355119fe015c6f229d2154033a73
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BC1F475E0426DAFDB11EFA8E841BEEBBB4BF49310F044059E425A7396CB349941CB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1282221369-0
                                                                                                                                                                                                          • Opcode ID: 7812a74107e621827d9535c1865acacf7dd72b2b8e117b34750cf778a148410e
                                                                                                                                                                                                          • Instruction ID: 155ea13ca5aa87a112fda5172ba518dd3fbe2388f9006613522b4baec6336a22
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7812a74107e621827d9535c1865acacf7dd72b2b8e117b34750cf778a148410e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E616AB1A08330AFDF21AFB4BD81BAD7BA9EF45310F04026DF945A7289E7319D408790
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00985186
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 009851C7
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005,?,00000000), ref: 009851CD
                                                                                                                                                                                                          • SetFocus.USER32(?,?,00000005,?,00000000), ref: 009851D1
                                                                                                                                                                                                            • Part of subcall function 00986FBA: DeleteObject.GDI32(00000000), ref: 00986FE6
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 0098520D
                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0098521A
                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0098524D
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00985287
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00985296
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3210457359-0
                                                                                                                                                                                                          • Opcode ID: 41dace4cac8285f30e0db4cceb5a8f615efb08bffd7c18257e71a64efadb9298
                                                                                                                                                                                                          • Instruction ID: 612740b0cf8a6a48bdb6000208d9960812b65c90e8f1394e6b7ed05080c27f60
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41dace4cac8285f30e0db4cceb5a8f615efb08bffd7c18257e71a64efadb9298
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E519C70A58A08BEEF20AF24CC4AFD83B69BB45321F154011F625963E1CB75E998DB51
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00946890
                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 009468A9
                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 009468B9
                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 009468D1
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 009468F2
                                                                                                                                                                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00908874,00000000,00000000,00000000,000000FF,00000000), ref: 00946901
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0094691E
                                                                                                                                                                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00908874,00000000,00000000,00000000,000000FF,00000000), ref: 0094692D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1268354404-0
                                                                                                                                                                                                          • Opcode ID: fe4610aa5cc4e9783ed6a4231a1380a20797ff2846d8a61d57b561a54e161778
                                                                                                                                                                                                          • Instruction ID: e9d7fef15d72a07373316b733d94f806ae2c6332ade9b15b33357ac21ed714cc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe4610aa5cc4e9783ed6a4231a1380a20797ff2846d8a61d57b561a54e161778
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A5169B0A10209EFDB24CF24CC55FAA7BB9FF99760F104518F956962E0DB70E990EB50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0096C182
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0096C195
                                                                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 0096C1A9
                                                                                                                                                                                                            • Part of subcall function 0096C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0096C272
                                                                                                                                                                                                            • Part of subcall function 0096C253: GetLastError.KERNEL32 ref: 0096C322
                                                                                                                                                                                                            • Part of subcall function 0096C253: SetEvent.KERNEL32(?), ref: 0096C336
                                                                                                                                                                                                            • Part of subcall function 0096C253: InternetCloseHandle.WININET(00000000), ref: 0096C341
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 337547030-0
                                                                                                                                                                                                          • Opcode ID: 8ea237bbb4c84034464b2bba48b350866f7effde6ac7cfe24c60d4434a0df2f6
                                                                                                                                                                                                          • Instruction ID: 25572bacf5b4835b7fdbeb234c683dba00db6a43a8a1d8af209a692278531425
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ea237bbb4c84034464b2bba48b350866f7effde6ac7cfe24c60d4434a0df2f6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B318BF1204605BFDB219FA5DC54A77BBFCFF58310B00842EF9AA82610D735E814ABA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00953A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00953A57
                                                                                                                                                                                                            • Part of subcall function 00953A3D: GetCurrentThreadId.KERNEL32 ref: 00953A5E
                                                                                                                                                                                                            • Part of subcall function 00953A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009525B3), ref: 00953A65
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 009525BD
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 009525DB
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 009525DF
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 009525E9
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00952601
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00952605
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 0095260F
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00952623
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00952627
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2014098862-0
                                                                                                                                                                                                          • Opcode ID: 70180fa6347177aeaa7fbf697e42d08ade2de4166415520f0daed59cbfb000a8
                                                                                                                                                                                                          • Instruction ID: a091f219645fa3016316f746d2eccca48115c1f52cd446d826a05a129d603a0c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70180fa6347177aeaa7fbf697e42d08ade2de4166415520f0daed59cbfb000a8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3401B1712A8210BBFB10A769DC8EF593F59DB8AB52F100011F718AE1D5C9F224489B79
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00951449,?,?,00000000), ref: 0095180C
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00951449,?,?,00000000), ref: 00951813
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00951449,?,?,00000000), ref: 00951828
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,?,00951449,?,?,00000000), ref: 00951830
                                                                                                                                                                                                          • DuplicateHandle.KERNEL32(00000000,?,00951449,?,?,00000000), ref: 00951833
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00951449,?,?,00000000), ref: 00951843
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00951449,00000000,?,00951449,?,?,00000000), ref: 0095184B
                                                                                                                                                                                                          • DuplicateHandle.KERNEL32(00000000,?,00951449,?,?,00000000), ref: 0095184E
                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,00951874,00000000,00000000,00000000), ref: 00951868
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F7620: _wcslen.LIBCMT ref: 008F7625
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0095C6EE
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0095C735
                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0095C79C
                                                                                                                                                                                                          • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0095C7CA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                          • String ID: 0$Y$Y
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0095D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0095D501
                                                                                                                                                                                                            • Part of subcall function 0095D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0095D50F
                                                                                                                                                                                                            • Part of subcall function 0095D4DC: CloseHandle.KERNELBASE(00000000), ref: 0095D5DC
                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0097A16D
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0097A180
                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0097A1B3
                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 0097A268
                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 0097A273
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0097A2C4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                          • String ID: SeDebugPrivilege
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00983925
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0098393A
                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00983954
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00983999
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001057,00000000,?), ref: 009839C6
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001061,?,0000000F), ref: 009839F4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                          • String ID: SysListView32
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadIconW.USER32(00000000,00007F03), ref: 0095C913
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: IconLoad
                                                                                                                                                                                                          • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                          • String ID: 0.0.0.0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2
                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000F), ref: 00989FC7
                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000F), ref: 00989FE7
                                                                                                                                                                                                          • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0098A224
                                                                                                                                                                                                          • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0098A242
                                                                                                                                                                                                          • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0098A263
                                                                                                                                                                                                          • ShowWindow.USER32(00000003,00000000), ref: 0098A282
                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0098A2A7
                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000005,?,?), ref: 0098A2CA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1211466189-0
                                                                                                                                                                                                          • Opcode ID: 2b247baa3720a65d6fc6c09bf94a5492b1a2f962fb50b5e5a34c867d72972890
                                                                                                                                                                                                          • Instruction ID: e6fe7e2077ec353b0f73d05d2d0bd5cb6a2c5256972448b4561e67ad8ec6e2d8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b247baa3720a65d6fc6c09bf94a5492b1a2f962fb50b5e5a34c867d72972890
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25B1DC31604215EFEF24DF68C989BAE3BB6FF44711F08806AEC599B395D731A940CB61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$LocalTime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 952045576-0
                                                                                                                                                                                                          • Opcode ID: 7fabaa3e1f8ef48c3b594632929ccae0cf02f5aa939558e4ef166ba7def62c87
                                                                                                                                                                                                          • Instruction ID: 762a52800c71d7eb1d6579935eedbb4be48b1946395e38549ba4e3e1a5fabe17
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fabaa3e1f8ef48c3b594632929ccae0cf02f5aa939558e4ef166ba7def62c87
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7419465D1011C75CB11EBF5888AACFB7A8AF85710F508862F924E3162FB34E399C7A5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0094682C,00000004,00000000,00000000), ref: 0090F953
                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0094682C,00000004,00000000,00000000), ref: 0094F3D1
                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0094682C,00000004,00000000,00000000), ref: 0094F454
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ShowWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1268545403-0
                                                                                                                                                                                                          • Opcode ID: 8ca980ce3e16ca3d9ca34ca6b797fb4c2f731d8033364770b77f1667a2e95ea2
                                                                                                                                                                                                          • Instruction ID: cbf911ff9a6b4b2e0379bd21ee64625f58de0ff774a092295d367e599bcdafa8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ca980ce3e16ca3d9ca34ca6b797fb4c2f731d8033364770b77f1667a2e95ea2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F412A3161C780BEC7388B28D8B8F2A7B99AB86750F14443DE06753EE1D635AA80D711
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00982D1B
                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00982D23
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00982D2E
                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00982D3A
                                                                                                                                                                                                          • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00982D76
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00982D87
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00985A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00982DC2
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00982DE1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3864802216-0
                                                                                                                                                                                                          • Opcode ID: 22203ed6719fcdd03fbdf76cc59edb246889648a4e51bf3f27c9bc6db419ba98
                                                                                                                                                                                                          • Instruction ID: 3bab7118ab5485e6eb56a0d80e50121d0a2db6280142b04c693688e629bdb0e9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22203ed6719fcdd03fbdf76cc59edb246889648a4e51bf3f27c9bc6db419ba98
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 193187B2215214BBEB218F60CC8AFEB3FADEF09751F044065FE089A291D6759C40CBB0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _memcmp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2931989736-0
                                                                                                                                                                                                          • Opcode ID: c4d292798ff9ff9c0430432da26ebd057f1fd7136c56196c0702781cde1184bd
                                                                                                                                                                                                          • Instruction ID: a6aac5f27f4f5d4665809f22fa41ad95e6bf88dd8ebae80f918934d3e6d7b27d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4d292798ff9ff9c0430432da26ebd057f1fd7136c56196c0702781cde1184bd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C213E6174290DB7D614E5138DB2FFB335CAF90386F550020FE049A647F724EE1983A5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                          • API String ID: 0-572801152
                                                                                                                                                                                                          • Opcode ID: 8ceb4ba908e07a123004d4d4adec0475948af9d6cff19acc26433a10d7afe6b0
                                                                                                                                                                                                          • Instruction ID: 017fee5ad3d0ab8c1f2e12815522120238aa475b9c8470ff1436329be18339f0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ceb4ba908e07a123004d4d4adec0475948af9d6cff19acc26433a10d7afe6b0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BFD1C772A0060A9FDF50CF68C881BAEB7B9FF48344F15C469E919AB291E7B0DD45CB50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,009317FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 009315CE
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,009317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00931651
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,009317FB,?,009317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009316E4
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,009317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009316FB
                                                                                                                                                                                                            • Part of subcall function 00923820: RtlAllocateHeap.NTDLL(00000000,?,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6,?,008F1129), ref: 00923852
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,009317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00931777
                                                                                                                                                                                                          • __freea.LIBCMT ref: 009317A2
                                                                                                                                                                                                          • __freea.LIBCMT ref: 009317AE
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2829977744-0
                                                                                                                                                                                                          • Opcode ID: 3c129af8943653a29e3fa83fc50f5f286f0c3ad94f39bb11d1443b3da3a2d640
                                                                                                                                                                                                          • Instruction ID: 8f7df17024a86aa0a088ac039c8b9c0eb9ddc45290eab1cf0aef672440369881
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c129af8943653a29e3fa83fc50f5f286f0c3ad94f39bb11d1443b3da3a2d640
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1191A271E102169ADF208FA4CC81AEE7BF99F89714F184659F806E7261DB35DC40CF60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Variant$ClearInit
                                                                                                                                                                                                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                          • API String ID: 2610073882-625585964
                                                                                                                                                                                                          • Opcode ID: a1b77b1e7d6e771dd16e6c8d2ebc748c07f0c335ab2d61f24882865cf289e19b
                                                                                                                                                                                                          • Instruction ID: 71481af862b8499c6e435c9f5b192de9e570409cb74a0395d843e5e9b0e25f6f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1b77b1e7d6e771dd16e6c8d2ebc748c07f0c335ab2d61f24882865cf289e19b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E918272A00219AFDF24CFA4CC85FAEB7B8EF85714F108559F519AB281D7749941CFA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0096125C
                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00961284
                                                                                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 009612A8
                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009612D8
                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0096135F
                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009613C4
                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00961430
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2550207440-0
                                                                                                                                                                                                          • Opcode ID: 46fdc13df1eb0671e3131b0c2e90d9ec98873ba5fc425f0f2e506ce59a1ddda0
                                                                                                                                                                                                          • Instruction ID: a096c1adfdd7433a9fb7c69ef2c5b025ea651f6cc325b85b62de5cf09490e761
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46fdc13df1eb0671e3131b0c2e90d9ec98873ba5fc425f0f2e506ce59a1ddda0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B910671A002199FDB00DFA8C895BBEB7B9FF85314F18442AE551E72A1DB78E941CB90
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3225163088-0
                                                                                                                                                                                                          • Opcode ID: ace39d7d03ff3974b0cf49ca27f1d5ec9aa1f44fc63a56a9f7cc6e8f042fe525
                                                                                                                                                                                                          • Instruction ID: 281b1a14e144e240985d3a68a60602cbbb9729168a736453c2f42cdfc86a1636
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ace39d7d03ff3974b0cf49ca27f1d5ec9aa1f44fc63a56a9f7cc6e8f042fe525
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B912871D04219EFCB14CFA9CC84AEEBBB8FF89320F148555E915B7292D378A941DB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0097396B
                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 00973A7A
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00973A8A
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00973C1F
                                                                                                                                                                                                            • Part of subcall function 00960CDF: VariantInit.OLEAUT32(00000000), ref: 00960D1F
                                                                                                                                                                                                            • Part of subcall function 00960CDF: VariantCopy.OLEAUT32(?,?), ref: 00960D28
                                                                                                                                                                                                            • Part of subcall function 00960CDF: VariantClear.OLEAUT32(?), ref: 00960D34
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                          • API String ID: 4137639002-1221869570
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0095000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?,?,0095035E), ref: 0095002B
                                                                                                                                                                                                            • Part of subcall function 0095000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?), ref: 00950046
                                                                                                                                                                                                            • Part of subcall function 0095000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?), ref: 00950054
                                                                                                                                                                                                            • Part of subcall function 0095000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?), ref: 00950064
                                                                                                                                                                                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00974C51
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00974D59
                                                                                                                                                                                                          • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00974DCF
                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 00974DDA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                          • String ID: NULL Pointer assignment
                                                                                                                                                                                                          • API String ID: 614568839-2785691316
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetMenu.USER32(?), ref: 00982183
                                                                                                                                                                                                          • GetMenuItemCount.USER32(00000000), ref: 009821B5
                                                                                                                                                                                                          • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009821DD
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00982213
                                                                                                                                                                                                          • GetMenuItemID.USER32(?,?), ref: 0098224D
                                                                                                                                                                                                          • GetSubMenu.USER32(?,?), ref: 0098225B
                                                                                                                                                                                                            • Part of subcall function 00953A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00953A57
                                                                                                                                                                                                            • Part of subcall function 00953A3D: GetCurrentThreadId.KERNEL32 ref: 00953A5E
                                                                                                                                                                                                            • Part of subcall function 00953A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009525B3), ref: 00953A65
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009822E3
                                                                                                                                                                                                            • Part of subcall function 0095E97B: Sleep.KERNEL32 ref: 0095E9F3
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4196846111-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • IsWindow.USER32(00E158A0), ref: 00987F37
                                                                                                                                                                                                          • IsWindowEnabled.USER32(00E158A0), ref: 00987F43
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0098801E
                                                                                                                                                                                                          • SendMessageW.USER32(00E158A0,000000B0,?,?), ref: 00988051
                                                                                                                                                                                                          • IsDlgButtonChecked.USER32(?,?), ref: 00988089
                                                                                                                                                                                                          • GetWindowLongW.USER32(00E158A0,000000EC), ref: 009880AB
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009880C3
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4072528602-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0095AEF9
                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0095AF0E
                                                                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 0095AF6F
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000010,?), ref: 0095AF9D
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000011,?), ref: 0095AFBC
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000012,?), ref: 0095AFFD
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0095B020
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 87235514-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetParent.USER32(00000000), ref: 0095AD19
                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0095AD2E
                                                                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 0095AD8F
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0095ADBB
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0095ADD8
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0095AE17
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0095AE38
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 87235514-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetConsoleCP.KERNEL32(00933CD6,?,?,?,?,?,?,?,?,00925BA3,?,?,00933CD6,?,?), ref: 00925470
                                                                                                                                                                                                          • __fassign.LIBCMT ref: 009254EB
                                                                                                                                                                                                          • __fassign.LIBCMT ref: 00925506
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00933CD6,00000005,00000000,00000000), ref: 0092552C
                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00933CD6,00000000,00925BA3,00000000,?,?,?,?,?,?,?,?,?,00925BA3,?), ref: 0092554B
                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,00925BA3,00000000,?,?,?,?,?,?,?,?,?,00925BA3,?), ref: 00925584
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1324828854-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00912D4B
                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00912D53
                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00912DE1
                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00912E0C
                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00912E61
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0097304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0097307A
                                                                                                                                                                                                            • Part of subcall function 0097304E: _wcslen.LIBCMT ref: 0097309B
                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00971112
                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00971121
                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 009711C9
                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 009711F9
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2675159561-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0095DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0095CF22,?), ref: 0095DDFD
                                                                                                                                                                                                            • Part of subcall function 0095DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0095CF22,?), ref: 0095DE16
                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,?), ref: 0095CF45
                                                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 0095CF7F
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0095D005
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0095D01B
                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?), ref: 0095D061
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                          • API String ID: 3164238972-1173974218
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00982E1C
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00982E4F
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00982E84
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00982EB6
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00982EE0
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00982EF1
                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00982F0B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LongWindow$MessageSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2178440468-0
                                                                                                                                                                                                          • Opcode ID: df35f171fd128015c274745dc4596bd4577c8da929a86b318188032da50ed4d5
                                                                                                                                                                                                          • Instruction ID: 35c35ff9f65069b29bf8d455582e7429801d62a4cd2f8dd026f192026e6dc44f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: df35f171fd128015c274745dc4596bd4577c8da929a86b318188032da50ed4d5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B310330618251AFDB21DF58EC84F6537E9EB9A710F150165F9018F3B2CB71A840EB59
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00957769
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0095778F
                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 00957792
                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 009577B0
                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 009577B9
                                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 009577DE
                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 009577EC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3761583154-0
                                                                                                                                                                                                          • Opcode ID: 07ecef8081f515c50e12c7bfab921eeaad15df0e8d0021b6f5beb3491faab023
                                                                                                                                                                                                          • Instruction ID: 3f672bbb090f4276d3c571d3874a28ea5035920d8058df65fb77ae24d91f3960
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07ecef8081f515c50e12c7bfab921eeaad15df0e8d0021b6f5beb3491faab023
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D21B276608219AFDB10DFB9EC88DBBB3ACEB093647008425FD04DB2A0D670DE458770
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00957842
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00957868
                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 0095786B
                                                                                                                                                                                                          • SysAllocString.OLEAUT32 ref: 0095788C
                                                                                                                                                                                                          • SysFreeString.OLEAUT32 ref: 00957895
                                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 009578AF
                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 009578BD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3761583154-0
                                                                                                                                                                                                          • Opcode ID: 49d4f062a2ae07d8ae7b41ee87074f72c6d28d7ff99829e09fd655daa5007b50
                                                                                                                                                                                                          • Instruction ID: 01cbb6e44881c6766742231ac7a7a11d15f30d3eec81ab2f4762e229e0655785
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49d4f062a2ae07d8ae7b41ee87074f72c6d28d7ff99829e09fd655daa5007b50
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB218E71608214AFDB10DBF9ECCCDAAB7ACEB083607108125BA15CB2A1D674DD85CB74
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetStdHandle.KERNEL32(0000000C), ref: 009604F2
                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0096052E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                          • Opcode ID: f03b2ea2bb2bce183ed3d30bdc4dc216eaacd2857566aaa56e27231e86a983fc
                                                                                                                                                                                                          • Instruction ID: bfa4143063e4bd7b5672c19cc2f328c56b07a438d170a5f9fa5c0eb32b24c9e1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f03b2ea2bb2bce183ed3d30bdc4dc216eaacd2857566aaa56e27231e86a983fc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1213DB5500305ABDB209F6ADC85A9B77A8BF85764F204A19F8A2D72E0E770D950DF20
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 009605C6
                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00960601
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                          • Opcode ID: cc3e62af027eefe904a9209df36a2515d8e55153463d1de8f0c9235fd71b9034
                                                                                                                                                                                                          • Instruction ID: 1213766891961f17ce91161da1e36dacba3a76445fbc6fa4abf7c3e1fc406fbb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc3e62af027eefe904a9209df36a2515d8e55153463d1de8f0c9235fd71b9034
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB215C75504305ABDB209F69DC84E9B77E8AFD5724F200B19F8A1E72E0E7B09960DB20
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008F604C
                                                                                                                                                                                                            • Part of subcall function 008F600E: GetStockObject.GDI32(00000011), ref: 008F6060
                                                                                                                                                                                                            • Part of subcall function 008F600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 008F606A
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00984112
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0098411F
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0098412A
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00984139
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00984145
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                          • String ID: Msctls_Progress32
                                                                                                                                                                                                          • API String ID: 1025951953-3636473452
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0092D7A3: _free.LIBCMT ref: 0092D7CC
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D82D
                                                                                                                                                                                                            • Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
                                                                                                                                                                                                            • Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D838
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D843
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D897
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D8A2
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D8AD
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D8B8
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0095DA74
                                                                                                                                                                                                          • LoadStringW.USER32(00000000), ref: 0095DA7B
                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0095DA91
                                                                                                                                                                                                          • LoadStringW.USER32(00000000), ref: 0095DA98
                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0095DADC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • %s (%d) : ==> %s: %s %s, xrefs: 0095DAB9
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                          • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                          • API String ID: 4072794657-3128320259
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(00E0D0B8,00E0D0B8), ref: 0096097B
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00E0D098,00000000), ref: 0096098D
                                                                                                                                                                                                          • TerminateThread.KERNEL32(?,000001F6), ref: 0096099B
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000003E8), ref: 009609A9
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 009609B8
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(00E0D0B8,000001F6), ref: 009609C8
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00E0D098), ref: 009609CF
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3495660284-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00971DC0
                                                                                                                                                                                                          • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00971DE1
                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00971DF2
                                                                                                                                                                                                          • htons.WSOCK32(?,?,?,?,?), ref: 00971EDB
                                                                                                                                                                                                          • inet_ntoa.WSOCK32(?), ref: 00971E8C
                                                                                                                                                                                                            • Part of subcall function 009539E8: _strlen.LIBCMT ref: 009539F2
                                                                                                                                                                                                            • Part of subcall function 00973224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0096EC0C), ref: 00973240
                                                                                                                                                                                                          • _strlen.LIBCMT ref: 00971F35
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3203458085-0
                                                                                                                                                                                                          • Opcode ID: 3722deaa0b05cef6f3f5c72e8c7d68562ad81772af6d573b36e3fe5c2d748b3e
                                                                                                                                                                                                          • Instruction ID: a7f1104d28b0198f6a6c3f8324d09a27eddd989749c58d001dccfca7cf28a50b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3722deaa0b05cef6f3f5c72e8c7d68562ad81772af6d573b36e3fe5c2d748b3e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BBB1B272204300AFC324DF28C895F2A77A9EF84318F54895CF55A9B2E2DB71ED45CB92
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 008F5D30
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 008F5D71
                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 008F5D99
                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 008F5ED7
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 008F5EF8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1296646539-0
                                                                                                                                                                                                          • Opcode ID: 6983fa2bbae456822709a77e4f863215088b159c14288bfd19ab9fa63e5079de
                                                                                                                                                                                                          • Instruction ID: 3c46aba1d5a471c0db863ceb5f0451384b4772622b08686f5398840404bc5f1a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6983fa2bbae456822709a77e4f863215088b159c14288bfd19ab9fa63e5079de
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27B16674A00A4ADBDB14CFB9C4807FAB7F1FF48310F14841AEAAAD7250DB34AA51DB50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __allrem.LIBCMT ref: 009200BA
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009200D6
                                                                                                                                                                                                          • __allrem.LIBCMT ref: 009200ED
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0092010B
                                                                                                                                                                                                          • __allrem.LIBCMT ref: 00920122
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00920140
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1992179935-0
                                                                                                                                                                                                          • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                          • Instruction ID: f90bbf64483802b422ce5b8c42c6bea03fec72bb6d183baa75f9ebf2fe7ece8c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF811472B0071A9BE7209F28EC51BAA73E9EFC1324F24453AF551D6392E7B0D9418B90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,009182D9,009182D9,?,?,?,0092644F,00000001,00000001,8BE85006), ref: 00926258
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0092644F,00000001,00000001,8BE85006,?,?,?), ref: 009262DE
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 009263D8
                                                                                                                                                                                                          • __freea.LIBCMT ref: 009263E5
                                                                                                                                                                                                            • Part of subcall function 00923820: RtlAllocateHeap.NTDLL(00000000,?,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6,?,008F1129), ref: 00923852
                                                                                                                                                                                                          • __freea.LIBCMT ref: 009263EE
                                                                                                                                                                                                          • __freea.LIBCMT ref: 00926413
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1414292761-0
                                                                                                                                                                                                          • Opcode ID: 81c730aec32c7232a4c52f6a3555b1fc337283f9646b18615368ffa2f02b9a93
                                                                                                                                                                                                          • Instruction ID: 0103a9617c314935163872ab867940707f544f4353615e36eb17a403309898d9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81c730aec32c7232a4c52f6a3555b1fc337283f9646b18615368ffa2f02b9a93
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9851E172A00226ABEB259F64FC81FBF77A9EF84710F154669FC05D6598EB34DC40C6A0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 0097C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0097B6AE,?,?), ref: 0097C9B5
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097C9F1
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA68
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA9E
                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0097BCCA
                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0097BD25
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0097BD6A
                                                                                                                                                                                                          • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0097BD99
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0097BDF3
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 0097BDFF
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1120388591-0
                                                                                                                                                                                                          • Opcode ID: 5f22c894fd1849edacef06e18909fe94e50ae3e7891fed7f025ede75932e1ab0
                                                                                                                                                                                                          • Instruction ID: e29d11daabeb0889534e06fead5d4530b5211be2d2a6f8a3cfc3c86ea613aea6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f22c894fd1849edacef06e18909fe94e50ae3e7891fed7f025ede75932e1ab0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1819171218241AFD714DF24C895F2ABBE9FF84308F14895CF5998B2A2DB31ED45CB92
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VariantInit.OLEAUT32(00000035), ref: 0094F7B9
                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000001), ref: 0094F860
                                                                                                                                                                                                          • VariantCopy.OLEAUT32(0094FA64,00000000), ref: 0094F889
                                                                                                                                                                                                          • VariantClear.OLEAUT32(0094FA64), ref: 0094F8AD
                                                                                                                                                                                                          • VariantCopy.OLEAUT32(0094FA64,00000000), ref: 0094F8B1
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0094F8BB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3859894641-0
                                                                                                                                                                                                          • Opcode ID: 67093644b090e6545a4c66470bcf8631186d2a4e73b2e99cfb8d1b8c4a2ab50c
                                                                                                                                                                                                          • Instruction ID: 07de1a8ae24c5d4eccf627ec0115ad90fff2b717dd4281c8bb161c713d4f2431
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67093644b090e6545a4c66470bcf8631186d2a4e73b2e99cfb8d1b8c4a2ab50c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC51D735A10312BADF24AB75D8A5F39B3A8EF85310F249867E906DF291DB748C40C767
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F7620: _wcslen.LIBCMT ref: 008F7625
                                                                                                                                                                                                            • Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A
                                                                                                                                                                                                          • GetOpenFileNameW.COMDLG32(00000058), ref: 009694E5
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00969506
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0096952D
                                                                                                                                                                                                          • GetSaveFileNameW.COMDLG32(00000058), ref: 00969585
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                          • String ID: X
                                                                                                                                                                                                          • API String ID: 83654149-3081909835
                                                                                                                                                                                                          • Opcode ID: 472983455ccb596dbe701550223ddc7ed94cc9de824e44ef4f20bdd82f668037
                                                                                                                                                                                                          • Instruction ID: 4fe25ee7eb13c5b1c3294bb044931c25abbebc943ae09498465a5752d67e8d60
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 472983455ccb596dbe701550223ddc7ed94cc9de824e44ef4f20bdd82f668037
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8E1A0316083018FD724DF28C491A6AB7E8FF85314F14896DF9999B3A2EB31DD05CB92
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2
                                                                                                                                                                                                          • BeginPaint.USER32(?,?,?), ref: 00909241
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 009092A5
                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 009092C2
                                                                                                                                                                                                          • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 009092D3
                                                                                                                                                                                                          • EndPaint.USER32(?,?,?,?,?), ref: 00909321
                                                                                                                                                                                                          • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 009471EA
                                                                                                                                                                                                            • Part of subcall function 00909339: BeginPath.GDI32(00000000), ref: 00909357
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3050599898-0
                                                                                                                                                                                                          • Opcode ID: 60dad5976a6444380c898945cef23b0004c035263f059b6fd271b92f36f1e1f3
                                                                                                                                                                                                          • Instruction ID: 4760c520e927ad40edd75b3296fdcbad2174fae70149f17aeab5814c232535ae
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60dad5976a6444380c898945cef23b0004c035263f059b6fd271b92f36f1e1f3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD41AF70508305AFD721DF64DC94FBA7BB8EF8A760F140629F9A4872E2C7319845EB61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F5), ref: 0096080C
                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00960847
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00960863
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 009608DC
                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 009608F3
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 00960921
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3368777196-0
                                                                                                                                                                                                          • Opcode ID: 632890e718b550e8ea9288755ef775d7dbf5fa27c0e3b1e262486cf5a30a5f5c
                                                                                                                                                                                                          • Instruction ID: f7164a32e53687f1d47b080cd37f54a7a1536510249867a339cd6c0f2175c45b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 632890e718b550e8ea9288755ef775d7dbf5fa27c0e3b1e262486cf5a30a5f5c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87414871A00205EFDF14EF54DCC5AAA77B9FF84310F1440A9ED049A296DB31DE65DBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0094F3AB,00000000,?,?,00000000,?,0094682C,00000004,00000000,00000000), ref: 0098824C
                                                                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 00988272
                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000000), ref: 009882D1
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000004), ref: 009882E5
                                                                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 0098830B
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0098832F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 642888154-0
                                                                                                                                                                                                          • Opcode ID: d1852695603a934df4a23bfc07657bf0d03355debf56d6da56dae4d3e9b7f5a0
                                                                                                                                                                                                          • Instruction ID: aed667a52c837a04af7b4b89e7df9e2b4449cb3a76edf7b1a6b74dfb6fac90c0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1852695603a934df4a23bfc07657bf0d03355debf56d6da56dae4d3e9b7f5a0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E241F234605600AFDB26EF14D899FE57BE4FB0A754F5802A9F5198B3A3CB31A841CB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00954C95
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00954CB2
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00954CEA
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00954D08
                                                                                                                                                                                                          • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00954D10
                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 00954D1A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 72514467-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F3A97,?,?,008F2E7F,?,?,?,00000000), ref: 008F3AC2
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0096587B
                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00965995
                                                                                                                                                                                                          • CoCreateInstance.OLE32(0098FCF8,00000000,00000001,0098FB68,?), ref: 009659AE
                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 009659CC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                          • String ID: .lnk
                                                                                                                                                                                                          • API String ID: 3172280962-24824748
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00950FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00950FCA
                                                                                                                                                                                                            • Part of subcall function 00950FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00950FD6
                                                                                                                                                                                                            • Part of subcall function 00950FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00950FE5
                                                                                                                                                                                                            • Part of subcall function 00950FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00950FEC
                                                                                                                                                                                                            • Part of subcall function 00950FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00951002
                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000000,00951335), ref: 009517AE
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 009517BA
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 009517C1
                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 009517DA
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00951335), ref: 009517EE
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 009517F5
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3008561057-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 009514FF
                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00951506
                                                                                                                                                                                                          • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00951515
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000004), ref: 00951520
                                                                                                                                                                                                          • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0095154F
                                                                                                                                                                                                          • DestroyEnvironmentBlock.USERENV(00000000), ref: 00951563
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1413079979-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00913379,00912FE5), ref: 00913390
                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0091339E
                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009133B7
                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,00913379,00912FE5), ref: 00913409
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00925686,00933CD6,?,00000000,?,00925B6A,?,?,?,?,?,0091E6D1,?,009B8A48), ref: 00922D78
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922DAB
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922DD3
                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,0091E6D1,?,009B8A48,00000010,008F4F4A,?,?,00000000,00933CD6), ref: 00922DE0
                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,0091E6D1,?,009B8A48,00000010,008F4F4A,?,?,00000000,00933CD6), ref: 00922DEC
                                                                                                                                                                                                          • _abort.LIBCMT ref: 00922DF2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3160817290-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00909693
                                                                                                                                                                                                            • Part of subcall function 00909639: SelectObject.GDI32(?,00000000), ref: 009096A2
                                                                                                                                                                                                            • Part of subcall function 00909639: BeginPath.GDI32(?), ref: 009096B9
                                                                                                                                                                                                            • Part of subcall function 00909639: SelectObject.GDI32(?,00000000), ref: 009096E2
                                                                                                                                                                                                          • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00988A4E
                                                                                                                                                                                                          • LineTo.GDI32(?,00000003,00000000), ref: 00988A62
                                                                                                                                                                                                          • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00988A70
                                                                                                                                                                                                          • LineTo.GDI32(?,00000000,00000003), ref: 00988A80
                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 00988A90
                                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 00988AA0
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 43455801-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00955218
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00955229
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00955230
                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00955238
                                                                                                                                                                                                          • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0095524F
                                                                                                                                                                                                          • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00955261
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CapsDevice$Release
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1035833867-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 008F1BF4
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 008F1BFC
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 008F1C07
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 008F1C12
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 008F1C1A
                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 008F1C22
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Virtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4278518827-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0095EB30
                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0095EB46
                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 0095EB55
                                                                                                                                                                                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0095EB64
                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0095EB6E
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0095EB75
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 839392675-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetClientRect.USER32(?), ref: 00947452
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 00947469
                                                                                                                                                                                                          • GetWindowDC.USER32(?), ref: 00947475
                                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,?), ref: 00947484
                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00947496
                                                                                                                                                                                                          • GetSysColor.USER32(00000005), ref: 009474B0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 272304278-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0095187F
                                                                                                                                                                                                          • UnloadUserProfile.USERENV(?,?), ref: 0095188B
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00951894
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0095189C
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 009518A5
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 009518AC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 146765662-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ShellExecuteExW.SHELL32(0000003C), ref: 0097AEA3
                                                                                                                                                                                                            • Part of subcall function 008F7620: _wcslen.LIBCMT ref: 008F7625
                                                                                                                                                                                                          • GetProcessId.KERNEL32(00000000), ref: 0097AF38
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0097AF67
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                          • String ID: <$@
                                                                                                                                                                                                          • API String ID: 146682121-1426351568
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00957206
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0095723C
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0095724D
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 009572CF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                          • String ID: DllGetClassObject
                                                                                                                                                                                                          • API String ID: 753597075-1075368562
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0095C306
                                                                                                                                                                                                          • DeleteMenu.USER32(?,00000007,00000000), ref: 0095C34C
                                                                                                                                                                                                          • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,009C1990,Y), ref: 0095C395
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                          • String ID: 0$Y
                                                                                                                                                                                                          • API String ID: 135850232-2165418456
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00983E35
                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00983E4A
                                                                                                                                                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00983E92
                                                                                                                                                                                                          • DrawMenuBar.USER32 ref: 00983EA5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          • API String ID: 3076010158-4108050209
                                                                                                                                                                                                          • Opcode ID: 3762ac7d5610186092961b7ae76948d1acad4c213cfc2a99d307558931778828
                                                                                                                                                                                                          • Instruction ID: 7b7bf72d8471e4a8b319d1de9000351f9572d7a2aa663b48cf6a4ee4c02c30ea
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3762ac7d5610186092961b7ae76948d1acad4c213cfc2a99d307558931778828
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A4159B5A10209AFDF10EF50D884EAABBB9FF49750F048029F906A7352D730AE40DF60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00951E66
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00951E79
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 00951EA9
                                                                                                                                                                                                            • Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                          • API String ID: 2081771294-1403004172
                                                                                                                                                                                                          • Opcode ID: c841cdd3ea599a0780e2c6005d511532b9af68a7ccc15c63d2da968ab131687f
                                                                                                                                                                                                          • Instruction ID: cbc9c8a864a49ee56060d62fd1fcf24cbdae09b2bff251672e9fed3d78389261
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c841cdd3ea599a0780e2c6005d511532b9af68a7ccc15c63d2da968ab131687f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82212671A00108AEDB14AB76DC46EFFB7B9EF81364B104529FC21E32E0DB384A0D9720
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00982F8D
                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?), ref: 00982F94
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00982FA9
                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00982FB1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                          • String ID: SysAnimate32
                                                                                                                                                                                                          • API String ID: 3529120543-1011021900
                                                                                                                                                                                                          • Opcode ID: 4a6d3b1d96c4e188c5e47251840b092d3dd4e135fc01171174095af41398d34c
                                                                                                                                                                                                          • Instruction ID: bd93dd26cfa7b7d352b2d08a8f87682cb6737393de568fe83d239185db33e7b6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a6d3b1d96c4e188c5e47251840b092d3dd4e135fc01171174095af41398d34c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62216A71214209ABEB106FA4DC84EBB77BDEF99364F104628FA50D62A0D771DC91E760
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00914D1E,009228E9,?,00914CBE,009228E9,009B88B8,0000000C,00914E15,009228E9,00000002), ref: 00914D8D
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00914DA0
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00914D1E,009228E9,?,00914CBE,009228E9,009B88B8,0000000C,00914E15,009228E9,00000002,00000000), ref: 00914DC3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                          • Opcode ID: e0e50d9267d8b97bbc391e1555ac134709087a5041dc3173145b9c58ecf029b4
                                                                                                                                                                                                          • Instruction ID: 8b006e1c5d6679c114af209c75110e5985cda9d992076b85c3ff0c81c445c140
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0e50d9267d8b97bbc391e1555ac134709087a5041dc3173145b9c58ecf029b4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3F0A47465420CBBDF105F94DC49BDDBBB8EF84712F000054F905A2290CB305980DB90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,008F4EDD,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E9C
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008F4EAE
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,008F4EDD,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4EC0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                          • API String ID: 145871493-3689287502
                                                                                                                                                                                                          • Opcode ID: 356ab0715f1260a098e6d94c7fa12aa2ef23b967beaa597bf64af929de5793f3
                                                                                                                                                                                                          • Instruction ID: a6cf9f1d1beb4c3d305bffa354c38f7ef104590e140c8795903e2b59f975c2de
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 356ab0715f1260a098e6d94c7fa12aa2ef23b967beaa597bf64af929de5793f3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38E04676A1AA225BD3221A25AC5CA6B6658BF81B72B050116BA04E2300DBB0C90592B0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00933CDE,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E62
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008F4E74
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00933CDE,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E87
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                          • API String ID: 145871493-1355242751
                                                                                                                                                                                                          • Opcode ID: fec1ed4ea0937f9e58e635e20f5075c80ac058848849940eb46fec566bb71b10
                                                                                                                                                                                                          • Instruction ID: 08361d6a6b6f3287b5b400fa7e7f2b660ac15a11510cec4d4b340dca93eca06f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fec1ed4ea0937f9e58e635e20f5075c80ac058848849940eb46fec566bb71b10
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AD0C23151AA2157C7321B34BC0CE9B2A18FF81F353950212BA04E2210CF70CD05D3F0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00962C05
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 00962C87
                                                                                                                                                                                                          • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00962C9D
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00962CAE
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00962CC0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$Delete$Copy
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3226157194-0
                                                                                                                                                                                                          • Opcode ID: 7187b3fc8e7132b32d26c52572e0b8e19cba04f4befcb4f2a830524d6ff955c7
                                                                                                                                                                                                          • Instruction ID: 674c27f5787e3bfb2fc46e2db0a0cd0b73babbbd848b3451c43beb097c378aa0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7187b3fc8e7132b32d26c52572e0b8e19cba04f4befcb4f2a830524d6ff955c7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FB16D72E0051DABDF21DBA4CC85EEEB7BDEF89350F1040A6F609E6151EB349A448F61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 0097A427
                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0097A435
                                                                                                                                                                                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0097A468
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0097A63D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3488606520-0
                                                                                                                                                                                                          • Opcode ID: 93ec271b7279818aa9a72a27d697573adb7737bfb53271da64a2b5f76c8f856f
                                                                                                                                                                                                          • Instruction ID: 6ebac164c5ae87270a4b2321b0b9284d76b8148b3dd5f4fb3a04e000a62e9209
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93ec271b7279818aa9a72a27d697573adb7737bfb53271da64a2b5f76c8f856f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FA16D716043019FD720DF28C886B2AB7E5EF84714F14885DFA5ADB2D2DBB1ED418B92
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00993700), ref: 0092BB91
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,009C121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0092BC09
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,009C1270,000000FF,?,0000003F,00000000,?), ref: 0092BC36
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092BB7F
                                                                                                                                                                                                            • Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
                                                                                                                                                                                                            • Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092BD4B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1286116820-0
                                                                                                                                                                                                          • Opcode ID: e972c1748526a32a8ef0499d3ee8c42489cf3c1fb6f6342aebd242db063252bc
                                                                                                                                                                                                          • Instruction ID: 24e4722fe85472243df1d8a004de9825e139248cf2f258c9a5de03d9efa2989e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e972c1748526a32a8ef0499d3ee8c42489cf3c1fb6f6342aebd242db063252bc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B510B75D04229AFCB14EF69EC81EAEB7FCEF85310B10426AE564D7299EB309D409B50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0095DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0095CF22,?), ref: 0095DDFD
                                                                                                                                                                                                            • Part of subcall function 0095DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0095CF22,?), ref: 0095DE16
                                                                                                                                                                                                            • Part of subcall function 0095E199: GetFileAttributesW.KERNEL32(?,0095CF95), ref: 0095E19A
                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,?), ref: 0095E473
                                                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 0095E4AC
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0095E5EB
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0095E603
                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0095E650
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3183298772-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 0097C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0097B6AE,?,?), ref: 0097C9B5
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097C9F1
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA68
                                                                                                                                                                                                            • Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA9E
                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0097BAA5
                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0097BB00
                                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0097BB63
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?), ref: 0097BBA6
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0097BBB3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 826366716-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 00958BCD
                                                                                                                                                                                                          • VariantClear.OLEAUT32 ref: 00958C3E
                                                                                                                                                                                                          • VariantClear.OLEAUT32 ref: 00958C9D
                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00958D10
                                                                                                                                                                                                          • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00958D3B
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4136290138-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00968BAE
                                                                                                                                                                                                          • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00968BDA
                                                                                                                                                                                                          • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00968C32
                                                                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00968C57
                                                                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00968C5F
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2832842796-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00978F40
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00978FD0
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00978FEC
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00979032
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00979052
                                                                                                                                                                                                            • Part of subcall function 0090F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00961043,?,7644E610), ref: 0090F6E6
                                                                                                                                                                                                            • Part of subcall function 0090F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0094FA64,00000000,00000000,?,?,00961043,?,7644E610,?,0094FA64), ref: 0090F70D
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 666041331-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00986C33
                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,?), ref: 00986C4A
                                                                                                                                                                                                          • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00986C73
                                                                                                                                                                                                          • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0096AB79,00000000,00000000), ref: 00986C98
                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00986CC7
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3688381893-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00909141
                                                                                                                                                                                                          • ScreenToClient.USER32(00000000,?), ref: 0090915E
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000001), ref: 00909183
                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000002), ref: 0090919D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4210589936-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetInputState.USER32 ref: 009638CB
                                                                                                                                                                                                          • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00963922
                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 0096394B
                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 00963955
                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00963966
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2256411358-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0096C21E,00000000), ref: 0096CF38
                                                                                                                                                                                                          • InternetReadFile.WININET(?,00000000,?,?), ref: 0096CF6F
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,?,?,0096C21E,00000000), ref: 0096CFB4
                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,0096C21E,00000000), ref: 0096CFC8
                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,0096C21E,00000000), ref: 0096CFF2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3191363074-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00951915
                                                                                                                                                                                                          • PostMessageW.USER32(00000001,00000201,00000001), ref: 009519C1
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?), ref: 009519C9
                                                                                                                                                                                                          • PostMessageW.USER32(00000001,00000202,00000000), ref: 009519DA
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?), ref: 009519E2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3382505437-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00985745
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001074,?,00000001), ref: 0098579D
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009857AF
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009857BA
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00985816
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$_wcslen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 763830540-0
                                                                                                                                                                                                          • Opcode ID: 6631b6bc0887d3f7ab496b57c52c82e2fd206b3d6b91b096c3df794e41530a29
                                                                                                                                                                                                          • Instruction ID: 8d6ef2dde9f79e295369ddada13f51fde0fa8f06dbd94c7a556148f48a683673
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6631b6bc0887d3f7ab496b57c52c82e2fd206b3d6b91b096c3df794e41530a29
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE21A5719146189ADF20AFA1CC84AEDB7BCFF44724F108216E929EA294D7748989CF50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSysColor.USER32(00000008), ref: 009098CC
                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 009098D6
                                                                                                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 009098E9
                                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 009098F1
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 00909952
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Color$LongModeObjectStockTextWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1860813098-0
                                                                                                                                                                                                          • Opcode ID: 2c4316f8d7acc33cf92d249c1b9ad61c279feb9e0f667cb92fd1554792296f3e
                                                                                                                                                                                                          • Instruction ID: bd066b8c8501479550aaaa8fcc6e8cc687623391e48ad5e63f18d772c6d01c92
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c4316f8d7acc33cf92d249c1b9ad61c279feb9e0f667cb92fd1554792296f3e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E32107715493509FC7228F34EC5DEEA3BA4AF53330B18426DE9A28A2E3C3311952DB50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • IsWindow.USER32(00000000), ref: 00970951
                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00970968
                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 009709A4
                                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,00000003), ref: 009709B0
                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000003), ref: 009709E8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4156661090-0
                                                                                                                                                                                                          • Opcode ID: 0da4a121a8aa107f6af78265044b5b625fd95cff72cce13a1e44cc19657a1161
                                                                                                                                                                                                          • Instruction ID: aaded5a7e0ba4562505f6fad48233ab18b16061a81ec7fb386a1840f0d3d27a5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0da4a121a8aa107f6af78265044b5b625fd95cff72cce13a1e44cc19657a1161
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02216275600204EFD704EF69D984A6EBBE5FF88740F048468E94AD7351DB70AC44DB50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 0092CDC6
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0092CDE9
                                                                                                                                                                                                            • Part of subcall function 00923820: RtlAllocateHeap.NTDLL(00000000,?,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6,?,008F1129), ref: 00923852
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0092CE0F
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092CE22
                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0092CE31
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 336800556-0
                                                                                                                                                                                                          • Opcode ID: 3e2516858737398fb9b20461449db299097f7e51898a349247a9c93f79da7aa5
                                                                                                                                                                                                          • Instruction ID: 2d6d8831caf73134e387f9570de7db9203e426b18e6e3504f5fc207da228d8ae
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e2516858737398fb9b20461449db299097f7e51898a349247a9c93f79da7aa5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C901D4F26052357F632116B67C8CD7F6A6DDEC6BA13160129F905C7208EA718D0293B1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00909693
                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 009096A2
                                                                                                                                                                                                          • BeginPath.GDI32(?), ref: 009096B9
                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 009096E2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3225163088-0
                                                                                                                                                                                                          • Opcode ID: c10fd0ca6dad42c7d066ae305b1a88c4c0158e427f1b2249aa049b2eccb31b9c
                                                                                                                                                                                                          • Instruction ID: 2989a4f3844f96aa29287f76321c15df37affefffc47032d9480784db2904502
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c10fd0ca6dad42c7d066ae305b1a88c4c0158e427f1b2249aa049b2eccb31b9c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6218E71C2A305EFDB119F64FC18BA97BA8BB42755F100216F410A71F2D3769891EFA8
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _memcmp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2931989736-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,0091F2DE,00923863,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6), ref: 00922DFD
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922E32
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922E59
                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,008F1129), ref: 00922E66
                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,008F1129), ref: 00922E6F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast$_free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3170660625-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?,?,0095035E), ref: 0095002B
                                                                                                                                                                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?), ref: 00950046
                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?), ref: 00950054
                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?), ref: 00950064
                                                                                                                                                                                                          • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?), ref: 00950070
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3897988419-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0095E997
                                                                                                                                                                                                          • QueryPerformanceFrequency.KERNEL32(?), ref: 0095E9A5
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 0095E9AD
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0095E9B7
                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 0095E9F3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2833360925-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00951114
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951120
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 0095112F
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951136
                                                                                                                                                                                                          • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0095114D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 842720411-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00950FCA
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00950FD6
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00950FE5
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00950FEC
                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00951002
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 44706859-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0095102A
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00951036
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00951045
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0095104C
                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00951062
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 44706859-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 00960324
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 00960331
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 0096033E
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 0096034B
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 00960358
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 00960365
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D752
                                                                                                                                                                                                            • Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
                                                                                                                                                                                                            • Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D764
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D776
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D788
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092D79A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00955C58
                                                                                                                                                                                                          • GetWindowTextW.USER32(00000000,?,00000100), ref: 00955C6F
                                                                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 00955C87
                                                                                                                                                                                                          • KillTimer.USER32(?,0000040A), ref: 00955CA3
                                                                                                                                                                                                          • EndDialog.USER32(?,00000001), ref: 00955CBD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3741023627-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _free.LIBCMT ref: 009222BE
                                                                                                                                                                                                            • Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
                                                                                                                                                                                                            • Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0
                                                                                                                                                                                                          • _free.LIBCMT ref: 009222D0
                                                                                                                                                                                                          • _free.LIBCMT ref: 009222E3
                                                                                                                                                                                                          • _free.LIBCMT ref: 009222F4
                                                                                                                                                                                                          • _free.LIBCMT ref: 00922305
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                          • Opcode ID: f982dc891758c0d3cfad26e07906f758837887e5d16d23d7d83ed850c249ddf3
                                                                                                                                                                                                          • Instruction ID: dffeb859a83b07a30fcb7ec0fb1d388e1d74fd8db7663f4d1a7498515183c410
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f982dc891758c0d3cfad26e07906f758837887e5d16d23d7d83ed850c249ddf3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BFF054B8C28131EBC612AF54BD01D483F64F75D7A1B41060AF430D227AC7350491BFE8
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 009095D4
                                                                                                                                                                                                          • StrokeAndFillPath.GDI32(?,?,009471F7,00000000,?,?,?), ref: 009095F0
                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00909603
                                                                                                                                                                                                          • DeleteObject.GDI32 ref: 00909616
                                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 00909631
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2625713937-0
                                                                                                                                                                                                          • Opcode ID: 2adbe466f3bf60240b8bcd48248057820617a25519f1eb3a79760b39561467b4
                                                                                                                                                                                                          • Instruction ID: e12c954efd258de4eb00ef41f551fb9c39a20355b8131db33c27275d499cea0c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2adbe466f3bf60240b8bcd48248057820617a25519f1eb3a79760b39561467b4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9F03C3042D704EFDB525F65FD1CB643B65AB023A2F048214F425551F2C73589A1FF28
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __freea$_free
                                                                                                                                                                                                          • String ID: a/p$am/pm
                                                                                                                                                                                                          • API String ID: 3432400110-3206640213
                                                                                                                                                                                                          • Opcode ID: 52e1eebd8e2b19254d5781e861a24b8895930254af2a373638b9ce3cf07c8c29
                                                                                                                                                                                                          • Instruction ID: a7422413a7bec28fcb12c79a09468dd5b8b48d782241039faef3de3e3a7d0d3a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52e1eebd8e2b19254d5781e861a24b8895930254af2a373638b9ce3cf07c8c29
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5D14631D00226DBCB28DF68E845BFEB7BAFF25310F244119E9019B659D3399DA1CB91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00910242: EnterCriticalSection.KERNEL32(009C070C,009C1884,?,?,0090198B,009C2518,?,?,?,008F12F9,00000000), ref: 0091024D
                                                                                                                                                                                                            • Part of subcall function 00910242: LeaveCriticalSection.KERNEL32(009C070C,?,0090198B,009C2518,?,?,?,008F12F9,00000000), ref: 0091028A
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 009100A3: __onexit.LIBCMT ref: 009100A9
                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00977BFB
                                                                                                                                                                                                            • Part of subcall function 009101F8: EnterCriticalSection.KERNEL32(009C070C,?,?,00908747,009C2514), ref: 00910202
                                                                                                                                                                                                            • Part of subcall function 009101F8: LeaveCriticalSection.KERNEL32(009C070C,?,00908747,009C2514), ref: 00910235
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                          • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                          • API String ID: 535116098-3733170431
                                                                                                                                                                                                          • Opcode ID: 308efb6d041ac80672a3da1d182c9ab2424f4d03761d774efd8647eb37a1affa
                                                                                                                                                                                                          • Instruction ID: 2c148de569c3d5f7dc2f5365400e627a22bb71e23644b553b4af5633ad3ffa51
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 308efb6d041ac80672a3da1d182c9ab2424f4d03761d774efd8647eb37a1affa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA917B72A04209AFCB14EF94C891EBDB7B5FF89304F14C459F84A9B291DB71AE41CB51
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0095B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009521D0,?,?,00000034,00000800,?,00000034), ref: 0095B42D
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00952760
                                                                                                                                                                                                            • Part of subcall function 0095B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009521FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0095B3F8
                                                                                                                                                                                                            • Part of subcall function 0095B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0095B355
                                                                                                                                                                                                            • Part of subcall function 0095B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00952194,00000034,?,?,00001004,00000000,00000000), ref: 0095B365
                                                                                                                                                                                                            • Part of subcall function 0095B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00952194,00000034,?,?,00001004,00000000,00000000), ref: 0095B37B
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 009527CD
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0095281A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                          • API String ID: 4150878124-2766056989
                                                                                                                                                                                                          • Opcode ID: 2309f8415da2c5e4654c0740a0fedd3c0555296d05a2cc1f774ff0801fc0a4b7
                                                                                                                                                                                                          • Instruction ID: 0887675ed70aa437ecf6d7ff2815e2f3016b971ededaa206c8ca2a8e6e60c0c0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2309f8415da2c5e4654c0740a0fedd3c0555296d05a2cc1f774ff0801fc0a4b7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E412A72900218AFDB10DFA5CD85BEEBBB8EF49300F104099FA55B7191DB706E49CBA1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00921769
                                                                                                                                                                                                          • _free.LIBCMT ref: 00921834
                                                                                                                                                                                                          • _free.LIBCMT ref: 0092183E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free$FileModuleName
                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                          • API String ID: 2506810119-3695852857
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0098CC08,00000000,?,?,?,?), ref: 009844AA
                                                                                                                                                                                                          • GetWindowLongW.USER32 ref: 009844C7
                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 009844D7
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Long
                                                                                                                                                                                                          • String ID: SysTreeView32
                                                                                                                                                                                                          • API String ID: 847901565-1698111956
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0097335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00973077,?,?), ref: 00973378
                                                                                                                                                                                                          • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0097307A
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0097309B
                                                                                                                                                                                                          • htons.WSOCK32(00000000,?,?,00000000), ref: 00973106
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                          • String ID: 255.255.255.255
                                                                                                                                                                                                          • API String ID: 946324512-2422070025
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00983F40
                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00983F54
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00983F78
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$Window
                                                                                                                                                                                                          • String ID: SysMonthCal32
                                                                                                                                                                                                          • API String ID: 2326795674-1439706946
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00984705
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00984713
                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0098471A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                          • String ID: msctls_updown32
                                                                                                                                                                                                          • API String ID: 4014797782-2298589950
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                          • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                          • API String ID: 176396367-2734436370
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00983840
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00983850
                                                                                                                                                                                                          • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00983876
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
• Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                          • String ID: Listbox
                                                                                                                                                                                                          • API String ID: 3315199576-2633736733
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 00964A08
                                                                                                                                                                                                          • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00964A5C
                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,0098CC08), ref: 00964AD0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                          • String ID: %lu
                                                                                                                                                                                                          • API String ID: 2507767853-685833217
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0098424F
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00984264
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00984271
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                          • String ID: msctls_trackbar32
                                                                                                                                                                                                          • API String ID: 3850602802-1010561917
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A
                                                                                                                                                                                                            • Part of subcall function 00952DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00952DC5
                                                                                                                                                                                                            • Part of subcall function 00952DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00952DD6
                                                                                                                                                                                                            • Part of subcall function 00952DA7: GetCurrentThreadId.KERNEL32 ref: 00952DDD
                                                                                                                                                                                                            • Part of subcall function 00952DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00952DE4
                                                                                                                                                                                                          • GetFocus.USER32 ref: 00952F78
                                                                                                                                                                                                            • Part of subcall function 00952DEE: GetParent.USER32(00000000), ref: 00952DF9
                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00952FC3
                                                                                                                                                                                                          • EnumChildWindows.USER32(?,0095303B), ref: 00952FEB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                          • String ID: %s%d
                                                                                                                                                                                                          • API String ID: 1272988791-1110647743
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009858C1
                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009858EE
                                                                                                                                                                                                          • DrawMenuBar.USER32(?), ref: 009858FD
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          • API String ID: 3227129158-4108050209
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0094D3BF
                                                                                                                                                                                                          • FreeLibrary.KERNEL32 ref: 0094D3E5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                          • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                          • API String ID: 3013587201-2590602151
                                                                                                                                                                                                          • Opcode ID: 570362608216ada18e1b2bd3d41c1010e54a7dee6f3ffa9c3581c588f2aefc60
                                                                                                                                                                                                          • Instruction ID: 19aa8892be232a7f3170ed7cb5bb642380e1ec2c60339b0a08753b32bfbe6d2d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 570362608216ada18e1b2bd3d41c1010e54a7dee6f3ffa9c3581c588f2aefc60
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2F0ABBA90B720DBE3312A108CA8E6D33A8AF00F05B948999F402F1344F7B4CD44C7A2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fb8c1e0266bd2f1642dda701486357262a373d00f6e8ab543c27623a3464e18e
                                                                                                                                                                                                          • Instruction ID: e1e58fcdfde81a847f8b94ac77b79ee94c1de9200a2dba339a8156e3eda4395d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb8c1e0266bd2f1642dda701486357262a373d00f6e8ab543c27623a3464e18e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5BC15B75A0020AEFDB14CFA5C894AAEB7B9FF88305F208598E905EB251D731ED45CB90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1036877536-0
                                                                                                                                                                                                          • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                          • Instruction ID: e8c1d438d68bbf21f1159fdd1b8297343b1a68b3ade44c338256b2e06caba46e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54A19D71E043A69FEB11CF18E8917AEBFF8EF61350F14416DE5959B286C2389D81CB90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1998397398-0
                                                                                                                                                                                                          • Opcode ID: e555382239a3ced1f9863b59d036c6097beae104d7d2dc5432f9696b4927db29
                                                                                                                                                                                                          • Instruction ID: b0c1b7e6e6f7979f6306823278ecb1675f2e9f21309688672ce6fb98c353e5e8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e555382239a3ced1f9863b59d036c6097beae104d7d2dc5432f9696b4927db29
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAA136762042049FD710DF28C485A2AB7E9FF88714F04C859F98ADB362DB70EE05DB92
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0098FC08,?), ref: 009505F0
                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0098FC08,?), ref: 00950608
                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?,00000000,0098CC40,000000FF,?,00000000,00000800,00000000,?,0098FC08,?), ref: 0095062D
                                                                                                                                                                                                          • _memcmp.LIBVCRUNTIME ref: 0095064E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 314563124-0
                                                                                                                                                                                                          • Opcode ID: 8286e5f8c77004073aedcbbbf61a5dfebb279a493edf25962155001052931db6
                                                                                                                                                                                                          • Instruction ID: 8e29029afa95f8bafbdc7f51146f4d202d7e9075f004fe16d8948b4da58d886a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8286e5f8c77004073aedcbbbf61a5dfebb279a493edf25962155001052931db6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1881F875A00109EFCB04DF95C984EEEB7B9FF89315F204558F916AB250DB71AE0ACB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 0097A6AC
                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 0097A6BA
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 0097A79C
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0097A7AB
                                                                                                                                                                                                            • Part of subcall function 0090CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00933303,?), ref: 0090CE8A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1991900642-0
                                                                                                                                                                                                          • Opcode ID: 2563945b7af5c27296e76d3558f7b72f151f18d44f83ca7ed9f34b6697af6b16
                                                                                                                                                                                                          • Instruction ID: 4375c499ba8f1b2e4c3bf2d6b1c6559e9126f9c042f9e1dc1d3e90bbee1bd176
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2563945b7af5c27296e76d3558f7b72f151f18d44f83ca7ed9f34b6697af6b16
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2510AB15083059FD714DF28D886A6BBBE8FF89754F00892DF589D72A1EB70D904CB92
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 009862E2
                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00986315
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00986382
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3880355969-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000002,00000011), ref: 00971AFD
                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00971B0B
                                                                                                                                                                                                          • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00971B8A
                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00971B94
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast$socket
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1881357543-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00965783
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 009657A9
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 009657CE
                                                                                                                                                                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 009657FA
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3321077145-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00916D71,00000000,00000000,009182D9,?,009182D9,?,00000001,00916D71,8BE85006,00000001,009182D9,009182D9), ref: 0092D910
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0092D999
                                                                                                                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0092D9AB
                                                                                                                                                                                                          • __freea.LIBCMT ref: 0092D9B4
                                                                                                                                                                                                            • Part of subcall function 00923820: RtlAllocateHeap.NTDLL(00000000,?,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6,?,008F1129), ref: 00923852
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2652629310-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00985352
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00985375
                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00985382
                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009853A8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3340791633-0
                                                                                                                                                                                                          • Opcode ID: 1841f09892a2b19167c390ddb65a58994172fb4665555c8f1e3b87db74792b32
                                                                                                                                                                                                          • Instruction ID: bfb2a0d8eda31b015eca125a876160221ac6066f4841e35bec22c79e765c8dc0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1841f09892a2b19167c390ddb65a58994172fb4665555c8f1e3b87db74792b32
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8631D070A59A08FFEB34BA14CC05FE83769AB053D1F594003FA10963E1C7B49E48EB51
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 0095ABF1
                                                                                                                                                                                                          • SetKeyboardState.USER32(00000080,?,00008000), ref: 0095AC0D
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000101,00000000), ref: 0095AC74
                                                                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 0095ACC6
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 432972143-0
                                                                                                                                                                                                          • Opcode ID: 75f26dee463005ea04c9e81726d809f491fbf3400c41450f1249fd80bb8bdcec
                                                                                                                                                                                                          • Instruction ID: 24b1945002e504c11afff10affec73dcc37021e3d1f61194cf0e3314d1519893
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75f26dee463005ea04c9e81726d809f491fbf3400c41450f1249fd80bb8bdcec
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94314C309043186FFF34CB66CC057FA7BA96B85312F04471AE8C5561D0C3388D899756
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 0098769A
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00987710
                                                                                                                                                                                                          • PtInRect.USER32(?,?,00988B89), ref: 00987720
                                                                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 0098778C
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1352109105-0
                                                                                                                                                                                                          • Opcode ID: d6482f104581596ae37334fa4f8ef55254541fb02d9db6c4226be807a110c647
                                                                                                                                                                                                          • Instruction ID: cfc9d2289b35d4f11e72fc7c3c918b9761ef6aeb2941395f64899c91b97735de
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6482f104581596ae37334fa4f8ef55254541fb02d9db6c4226be807a110c647
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88418B74A09215DFCB01EF98D894EA9B7F9FB4A314F2940A8E8149B361D730E941DF90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 009816EB
                                                                                                                                                                                                            • Part of subcall function 00953A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00953A57
                                                                                                                                                                                                            • Part of subcall function 00953A3D: GetCurrentThreadId.KERNEL32 ref: 00953A5E
                                                                                                                                                                                                            • Part of subcall function 00953A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009525B3), ref: 00953A65
                                                                                                                                                                                                          • GetCaretPos.USER32(?), ref: 009816FF
                                                                                                                                                                                                          • ClientToScreen.USER32(00000000,?), ref: 0098174C
                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00981752
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2759813231-0
                                                                                                                                                                                                          • Opcode ID: 4168879bded1baf2afb789803f1c70de1f0bdf3e256a2e5ef09178a301412751
                                                                                                                                                                                                          • Instruction ID: 673945510bd894ad0fb54a1e60e1b00cf137f59b61e3598e5a683ccebf5297b2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4168879bded1baf2afb789803f1c70de1f0bdf3e256a2e5ef09178a301412751
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B310C75D00149AFDB00EFA9C9819AEBBFDEF88304B5480A9E515E7311EA319E45CBA1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F7620: _wcslen.LIBCMT ref: 008F7625
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0095DFCB
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0095DFE2
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0095E00D
                                                                                                                                                                                                          • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0095E018
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3763101759-0
                                                                                                                                                                                                          • Opcode ID: 3b2c70713c35b005c8b1da1aff2a8e3e5c7dc140254e664ee66cb407c724dc1f
                                                                                                                                                                                                          • Instruction ID: 9d6494fd8378af559d1d035990f5353f525e2e1546706cba768b6af38df5ae05
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b2c70713c35b005c8b1da1aff2a8e3e5c7dc140254e664ee66cb407c724dc1f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC21B571900218AFCB20EFA8D982BAEB7F8EF85750F144065ED05FB281D7749E40CBA1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2
                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00989001
                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00947711,?,?,?,?,?), ref: 00989016
                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 0098905E
                                                                                                                                                                                                          • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00947711,?,?,?), ref: 00989094
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2864067406-0
                                                                                                                                                                                                          • Opcode ID: 2d81639d7ca2b967cb42146a4173df693249c183f44d59f17c2dc9bfed8a0026
                                                                                                                                                                                                          • Instruction ID: 06bc5e821ccca8144496c80a555e642b6931c727189fdb326b13936d18504e56
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d81639d7ca2b967cb42146a4173df693249c183f44d59f17c2dc9bfed8a0026
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5021A135615018EFCB259F94CC58FFA7BB9EF8A350F184065F906573A2C3359990EB60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?,0098CB68), ref: 0095D2FB
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0095D30A
                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 0095D319
                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0098CB68), ref: 0095D376
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2267087916-0
                                                                                                                                                                                                          • Opcode ID: 64a6fe5891efd7d5b29f448e5b5c2267434c0413fc50e0684ac772f8cb7acd8e
                                                                                                                                                                                                          • Instruction ID: 8b12a7d00c89dc418254c4a9a4409f4a7da61f9fc0393d8596fcec890458f08f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64a6fe5891efd7d5b29f448e5b5c2267434c0413fc50e0684ac772f8cb7acd8e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A021717050A2019FC720DF39C88186AB7E8FE96369F104A1DF899C72A1D731D949CB93
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00951014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0095102A
                                                                                                                                                                                                            • Part of subcall function 00951014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00951036
                                                                                                                                                                                                            • Part of subcall function 00951014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00951045
                                                                                                                                                                                                            • Part of subcall function 00951014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0095104C
                                                                                                                                                                                                            • Part of subcall function 00951014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00951062
                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 009515BE
                                                                                                                                                                                                          • _memcmp.LIBVCRUNTIME ref: 009515E1
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00951617
                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 0095161E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1592001646-0
                                                                                                                                                                                                          • Opcode ID: 4cf0bbc9ad0cd7bfea8a5ed001321b0a2aa1a878e95a806d3eb206e66bbdb397
                                                                                                                                                                                                          • Instruction ID: 41e61a77ae2d8f84fd8820e80d9b66d6f2a8a0070d444fed230a19fcf0f32a4b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4cf0bbc9ad0cd7bfea8a5ed001321b0a2aa1a878e95a806d3eb206e66bbdb397
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E21AC71E41109EFDF04DFA5C949BEEB7B8EF84346F084459E851AB241E730AE49DBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 0098280A
                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00982824
                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00982832
                                                                                                                                                                                                          • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00982840
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2169480361-0
                                                                                                                                                                                                          • Opcode ID: 512433e802128b2cfe7394e4c8534ca4641f73015bc9e30a19deb6ed843ecf28
                                                                                                                                                                                                          • Instruction ID: 13d0a19b88c7336a2b7af9c1205c2a465b005337871ab9ca1cd026e917637e40
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 512433e802128b2cfe7394e4c8534ca4641f73015bc9e30a19deb6ed843ecf28
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB21D335208115AFDB14AB24C844FAA7B99EF85324F148158F426CB7E2CB75FC42CB90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00958D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0095790A,?,000000FF,?,00958754,00000000,?,0000001C,?,?), ref: 00958D8C
                                                                                                                                                                                                            • Part of subcall function 00958D7D: lstrcpyW.KERNEL32(00000000,?,?,0095790A,?,000000FF,?,00958754,00000000,?,0000001C,?,?,00000000), ref: 00958DB2
                                                                                                                                                                                                            • Part of subcall function 00958D7D: lstrcmpiW.KERNEL32(00000000,?,0095790A,?,000000FF,?,00958754,00000000,?,0000001C,?,?), ref: 00958DE3
                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00958754,00000000,?,0000001C,?,?,00000000), ref: 00957923
                                                                                                                                                                                                          • lstrcpyW.KERNEL32(00000000,?,?,00958754,00000000,?,0000001C,?,?,00000000), ref: 00957949
                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(00000002,cdecl,?,00958754,00000000,?,0000001C,?,?,00000000), ref: 00957984
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                          • String ID: cdecl
                                                                                                                                                                                                          • API String ID: 4031866154-3896280584
                                                                                                                                                                                                          • Opcode ID: b9b5919d4784262690fc17639a2eef207df2fd86f1895ef77a4c3701d6314658
                                                                                                                                                                                                          • Instruction ID: 5b98936ba4da8b6b4cb9f939b8e8996e7af7ed002a9cfe018ce522e48faad871
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9b5919d4784262690fc17639a2eef207df2fd86f1895ef77a4c3701d6314658
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3911067A204241AFCB159F76E854E7BB7A9FF85391B00402AFC02C73A4EB319905D761
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00987D0B
                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00987D2A
                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00987D42
                                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0096B7AD,00000000), ref: 00987D6B
                                                                                                                                                                                                            • Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Long
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 847901565-0
                                                                                                                                                                                                          • Opcode ID: baaa3c912c189ce6eba8884e565516e6a5ca48eda8caff06bf25742666333168
                                                                                                                                                                                                          • Instruction ID: bc328e2643f0246b9b4d77133f47c0f560c5984bac6f849678e1a5d153df6b6d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: baaa3c912c189ce6eba8884e565516e6a5ca48eda8caff06bf25742666333168
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF11D232518615AFCB10AF68DC04E667BA8AF463A0B254724F836D73F0E730C950DB50
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001060,?,00000004), ref: 009856BB
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009856CD
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009856D8
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00985816
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend_wcslen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 455545452-0
                                                                                                                                                                                                          • Opcode ID: 6810ce33b46de4353ea31fd0392117991523b52a63404da39c08e5621eff4ba1
                                                                                                                                                                                                          • Instruction ID: ebbe27ca580dde4fc481153484b44c27d7792a3224d421eafec38a9c23ed7d90
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6810ce33b46de4353ea31fd0392117991523b52a63404da39c08e5621eff4ba1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49112275A14608A6DF20FFB1CC81BEE77ACEF41760F50442AF915D6291EB74CA88CB60
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4dee6ea51fdca590fd5ecc29ae72d286a51d0cf075cf986793f7c0fbb75e77bb
                                                                                                                                                                                                          • Instruction ID: 17e387f6c0cfa4a675419819424dcc05358bbe17b0e3700db3821084986b689c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dee6ea51fdca590fd5ecc29ae72d286a51d0cf075cf986793f7c0fbb75e77bb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6018BB220962ABFF6212A787CC1F67661CDFA13B8B300725F521A12DADB608C615270
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00951A47
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00951A59
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00951A6F
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00951A8A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                          • Opcode ID: 00c2085503c1bc1a6c5e06f7cd7b6e87a0dae37e4bfc29d6648c3e3960e20d08
                                                                                                                                                                                                          • Instruction ID: 1a0c4aecf5b4ed8a477b96a2e33cbc51e06365c3614bc2882268f6c1d9bde56c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00c2085503c1bc1a6c5e06f7cd7b6e87a0dae37e4bfc29d6648c3e3960e20d08
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B11097AD01219FFEF11DBA5CD85FADBB78EB08750F2004A1EA04B7290D6716E50DB94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0095E1FD
                                                                                                                                                                                                          • MessageBoxW.USER32(?,?,?,?), ref: 0095E230
                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0095E246
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0095E24D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2880819207-0
                                                                                                                                                                                                          • Opcode ID: 99497bca0428ab73771e7bda6bb14168281e715a3f57365057a2bd76552c700b
                                                                                                                                                                                                          • Instruction ID: cac9a326164f2e65424e7f7f7f4fd77337667c72ef7b112baee1a1d6931d4242
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99497bca0428ab73771e7bda6bb14168281e715a3f57365057a2bd76552c700b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71112BB6D18254BBC705DFA9AC09E9E7FACDB45315F004255F824E3391D6B1CE0497B0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,?,0091CFF9,00000000,00000004,00000000), ref: 0091D218
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0091D224
                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 0091D22B
                                                                                                                                                                                                          • ResumeThread.KERNEL32(00000000), ref: 0091D249
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 173952441-0
                                                                                                                                                                                                          • Opcode ID: a79d4216e6e1dd42535d64c638c2e6af3dc4e39c91b0eee50761da2effc95699
                                                                                                                                                                                                          • Instruction ID: 17742e6856a80f3ffae12c2da417ae443b97c96bed071538283fa2444dc2f648
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a79d4216e6e1dd42535d64c638c2e6af3dc4e39c91b0eee50761da2effc95699
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD01D276A0A20CBBDB115BA5EC09BEA7B6DDFC1330F200619F935962D0DB718981D7A0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2
                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00989F31
                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00989F3B
                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00989F46
                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00989F7A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4127811313-0
                                                                                                                                                                                                          • Opcode ID: efdee91bdeeb6d9018bd6dc31c52232040d0ad5206d575ab19d2271687777429
                                                                                                                                                                                                          • Instruction ID: e8672ab89945315e4f0a63fa70fbae95b96df52f79c4f2442173b507f75d6392
                                                                                                                                                                                                          • Opcode Fuzzy Hash: efdee91bdeeb6d9018bd6dc31c52232040d0ad5206d575ab19d2271687777429
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0111487290411AABDB15EFA8D845EFE77B9FB45311F140455FA12E3241D330BE81DBA1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008F604C
                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 008F6060
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 008F606A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3970641297-0
                                                                                                                                                                                                          • Opcode ID: fe49bb8f6622d5b03f1d0ebb75fbb9cf000907805f0ce705a125cc9d873736c6
                                                                                                                                                                                                          • Instruction ID: 3544d3054a592387e3a4a1797544bd9e2e9f297c57503c1dbe04471b102584d8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe49bb8f6622d5b03f1d0ebb75fbb9cf000907805f0ce705a125cc9d873736c6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92115EB251590DBFEF124FA49C44EFA7B69FF59364F140215FA15A2110EB329C60ABA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 00913B56
                                                                                                                                                                                                            • Part of subcall function 00913AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00913AD2
                                                                                                                                                                                                            • Part of subcall function 00913AA3: ___AdjustPointer.LIBCMT ref: 00913AED
                                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 00913B6B
                                                                                                                                                                                                          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00913B7C
                                                                                                                                                                                                          • CallCatchBlock.LIBVCRUNTIME ref: 00913BA4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 737400349-0
                                                                                                                                                                                                          • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                          • Instruction ID: ab225d26cf8885078d2c5b6e28bc2b8f4c4e9edac4b87a83c7b27aa6575b89aa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5001D77220014DBBDF125E95CC46EEB7BBDEF98754F048014FE5866121D632E9A1DBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008F13C6,00000000,00000000,?,0092301A,008F13C6,00000000,00000000,00000000,?,0092328B,00000006,FlsSetValue), ref: 009230A5
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0092301A,008F13C6,00000000,00000000,00000000,?,0092328B,00000006,FlsSetValue,00992290,FlsSetValue,00000000,00000364,?,00922E46), ref: 009230B1
                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0092301A,008F13C6,00000000,00000000,00000000,?,0092328B,00000006,FlsSetValue,00992290,FlsSetValue,00000000), ref: 009230BF
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                                                                                          • Opcode ID: e1ae863c497aa9813aef9da8498527212256144494221c5dda6a587b13e80bc3
                                                                                                                                                                                                          • Instruction ID: 3c2b63dceb4ce8e7f8dc003ddaa674bf3c1262fca3ff172566873a849a839857
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1ae863c497aa9813aef9da8498527212256144494221c5dda6a587b13e80bc3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0012B72799236ABCB314B78BC44A577B9CEF45B61B108A24F916E3284D739D901C7F0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0095747F
                                                                                                                                                                                                          • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00957497
                                                                                                                                                                                                          • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 009574AC
                                                                                                                                                                                                          • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 009574CA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1352324309-0
                                                                                                                                                                                                          • Opcode ID: 8b2d17b2f1b11ab93f932cb18dbd3652880f9db5635c7147cebbf550444af75a
                                                                                                                                                                                                          • Instruction ID: 66ef4e29a22fb66bf4b258785f4f741c81df8d546847970d1f4fbe7b198cf713
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b2d17b2f1b11ab93f932cb18dbd3652880f9db5635c7147cebbf550444af75a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2911A5B12093149BE720CFA5EC08F92BBFDEB00701F108959AD16D6261D774EA48DB61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0095ACD3,?,00008000), ref: 0095B0C4
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0095ACD3,?,00008000), ref: 0095B0E9
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0095ACD3,?,00008000), ref: 0095B0F3
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0095ACD3,?,00008000), ref: 0095B126
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2875609808-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00987E33
                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00987E4B
                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00987E6F
                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00987E8A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 357397906-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00952DC5
                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00952DD6
                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00952DDD
                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00952DE4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2710830443-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00909639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00909693
                                                                                                                                                                                                            • Part of subcall function 00909639: SelectObject.GDI32(?,00000000), ref: 009096A2
                                                                                                                                                                                                            • Part of subcall function 00909639: BeginPath.GDI32(?), ref: 009096B9
                                                                                                                                                                                                            • Part of subcall function 00909639: SelectObject.GDI32(?,00000000), ref: 009096E2
                                                                                                                                                                                                          • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00988887
                                                                                                                                                                                                          • LineTo.GDI32(?,?,?), ref: 00988894
                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 009888A4
                                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 009888B2
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1539411459-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSysColor.USER32(00000008), ref: 009098CC
                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 009098D6
                                                                                                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 009098E9
                                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 009098F1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4037423528-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 00951634
                                                                                                                                                                                                          • OpenThreadToken.ADVAPI32(00000000,?,?,?,009511D9), ref: 0095163B
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,009511D9), ref: 00951648
                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,009511D9), ref: 0095164F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3974789173-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0094D858
                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0094D862
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0094D882
                                                                                                                                                                                                          • ReleaseDC.USER32(?), ref: 0094D8A3
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2889604237-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0094D86C
                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0094D876
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0094D882
                                                                                                                                                                                                          • ReleaseDC.USER32(?), ref: 0094D8A3
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2889604237-0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F7620: _wcslen.LIBCMT ref: 008F7625
                                                                                                                                                                                                          • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00964ED4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Connection_wcslen
                                                                                                                                                                                                          • String ID: *$LPT
                                                                                                                                                                                                          • API String ID: 1725874428-3443410124
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: #
                                                                                                                                                                                                          • API String ID: 0-1885708031
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 0090F2A2
                                                                                                                                                                                                          • GlobalMemoryStatusEx.KERNEL32(?), ref: 0090F2BB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                          • API String ID: 2783356886-2766056989
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 009757E0
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 009757EC
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                          • String ID: CALLARGARRAY
                                                                                                                                                                                                          • API String ID: 157775604-1150593374
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0096D130
                                                                                                                                                                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0096D13A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CrackInternet_wcslen
                                                                                                                                                                                                          • String ID: |
                                                                                                                                                                                                          • API String ID: 596671847-2343686810
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DestroyWindow.USER32(?,?,?,?), ref: 00983621
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0098365C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$DestroyMove
                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                          • API String ID: 2139405536-2160076837
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0098461F
                                                                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00984634
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                          • String ID: '
                                                                                                                                                                                                          • API String ID: 3850602802-1997036262
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0098327C
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00983287
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                          • String ID: Combobox
                                                                                                                                                                                                          • API String ID: 3850602802-2096851135
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                          • String ID: 0H$HANDLE
                                                                                                                                                                                                          • API String ID: 176396367-4109945204
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008F604C
                                                                                                                                                                                                            • Part of subcall function 008F600E: GetStockObject.GDI32(00000011), ref: 008F6060
                                                                                                                                                                                                            • Part of subcall function 008F600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 008F606A
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0098377A
                                                                                                                                                                                                          • GetSysColor.USER32(00000012), ref: 00983794
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                          • API String ID: 1983116058-2160076837
                                                                                                                                                                                                          • Opcode ID: 1c917142dc48f47a3eb8fa5d25128f08f13fe65fc145db8125d4b84260fe3593
                                                                                                                                                                                                          • Instruction ID: a2082e8973abcb2a87b57fa896f57216d0f44dddb763ac7fe9ec08f80a657432
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c917142dc48f47a3eb8fa5d25128f08f13fe65fc145db8125d4b84260fe3593
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C1129B2620209AFDF00EFA8CC45EEA7BB8FB08714F004915F955E2250E735E8619B60
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0096CD7D
                                                                                                                                                                                                          • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0096CDA6
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Internet$OpenOption
                                                                                                                                                                                                          • String ID: <local>
                                                                                                                                                                                                          • API String ID: 942729171-4266983199
                                                                                                                                                                                                          • Opcode ID: 64069c899b007880f7252609f6b90c8f830a5ae72c0bc6e6ffd876cad583e543
                                                                                                                                                                                                          • Instruction ID: bd3c4750255f1f01b60ee81caca878ba836d07175d49b921d79b9b32ed945c61
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64069c899b007880f7252609f6b90c8f830a5ae72c0bc6e6ffd876cad583e543
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0311C2F1215631BAD7385B66CC59EF7BEACEF127A4F00462AB189931C0D7789844D6F0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowTextLengthW.USER32(00000000), ref: 009834AB
                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009834BA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                          • String ID: edit
                                                                                                                                                                                                          • API String ID: 2978978980-2167791130
                                                                                                                                                                                                          • Opcode ID: 13489c394a2e49a24a1e056cf5380dea8da22effa0867dc407c138cf120306ac
                                                                                                                                                                                                          • Instruction ID: 1ca14d66cbe081b116c07c50e9c69f77280910809e0681a68ed7456ed93f2ee7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13489c394a2e49a24a1e056cf5380dea8da22effa0867dc407c138cf120306ac
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27116D71114108AAEB11AE74DC44EBB376EEF45B78F508724F961932E0C775DC519760
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?), ref: 00956CB6
                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00956CC2
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                          • String ID: STOP
                                                                                                                                                                                                          • API String ID: 1256254125-2411985666
                                                                                                                                                                                                          • Opcode ID: cd01b4487dab485540aed31df06509c3249e73cff0e9f3d71bbf16d2d7442e80
                                                                                                                                                                                                          • Instruction ID: 14adbba58f055e68d8eb2944127743572f0d362345391351dcef9371db94f0f4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd01b4487dab485540aed31df06509c3249e73cff0e9f3d71bbf16d2d7442e80
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4401A13261052A8ACB21DFBEDC809BF77B9FA61721B910924ED9297190EB31D948C750
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA
                                                                                                                                                                                                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00951D4C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220353297.00000000008F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.000000000098C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2220991386.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221102023.00000000009BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          • Associated: 00000000.00000002.2221140026.00000000009C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                          • Opcode ID: 0f1bcc1598e88e43a4d62dc98dc07c5c8427b3244f20f45298438edbfe6d171e
                                                                                                                                                                                                          • Instruction ID: 22a9ecdf103a3a97cedb466ba2ab96f3089a2da346bf608a789ab41a4cc18bfe
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f1bcc1598e88e43a4d62dc98dc07c5c8427b3244f20f45298438edbfe6d171e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D01B571611218AB8B08EFA5DD51AFE7778FB46390B140919EC62972C1EA31590C8761
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000180,00000000,?), ref: 00951C46
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                          • Opcode ID: 74b9ced0a4e3789588719a081ae1edac8d836b46be0dfe4e1f59945605b7161b
                                                                                                                                                                                                          • Instruction ID: 0e041cd306fe9a75f3413220e0363a3eec641de79099e3bcd692bf9887bf9188
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74b9ced0a4e3789588719a081ae1edac8d836b46be0dfe4e1f59945605b7161b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F301A77569110867CB04EBA5CA52BFF77ACEF51381F140429ED86A7281EA259F0CC7B2
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA
                                                                                                                                                                                                          • SendMessageW.USER32(?,00000182,?,00000000), ref: 00951CC8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                          • Opcode ID: 66532058d5d6b2fb9f2f40840b45ee018ba21b8e70f60afbe3fc0182abd980a2
                                                                                                                                                                                                          • Instruction ID: 4c29afa0db323a82977d59e4463ac7e97fc9464c96a0cea6a7eb11c4deac2a7e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66532058d5d6b2fb9f2f40840b45ee018ba21b8e70f60afbe3fc0182abd980a2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7301D6B169011867CB04EBA6CB01BFE77ACAB11381F140025FD82B3281EA229F0CC772
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD
                                                                                                                                                                                                            • Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA
                                                                                                                                                                                                          • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00951DD3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                          • Opcode ID: 408f31f54d4da484029248a21e67f2b326958373105b0b44fc7f09082b9fc169
                                                                                                                                                                                                          • Instruction ID: 0dc40bf92dc1f4eea676b349f9b3fd7feb0b7dcfb622a1c06de00fd78e0324ee
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 408f31f54d4da484029248a21e67f2b326958373105b0b44fc7f09082b9fc169
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26F0A471A5121866DB04EBAACD52BFE777CFB41395F140915FD62A32C1EA705A0C8361
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                          • String ID: 3, 3, 16, 1
                                                                                                                                                                                                          • API String ID: 176396367-3042988571
                                                                                                                                                                                                          • Opcode ID: e47b12b56198d3a8f803b909378ce4acf3c28cf2e5030b6b50dff23a5278e1e2
                                                                                                                                                                                                          • Instruction ID: 80e454fdc6e569a1daffd2da640591341c9c407cfb55ee7af9fbfd628692703e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e47b12b56198d3a8f803b909378ce4acf3c28cf2e5030b6b50dff23a5278e1e2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37E02B0330422010923112BAACC1BBFD6CEDFC9BA0714182BF989C227AEA948DD193A1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00950B23
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                          • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                          • API String ID: 2030045667-4017498283
                                                                                                                                                                                                          • Opcode ID: ce5b85500c9c997e49053f52bb95616590720170c8295ab7d1703fbbf6ca4e81
                                                                                                                                                                                                          • Instruction ID: 928877737139526581e62a3b51fadf2b8f7de3cf487fc83ab2412a1bcee59deb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce5b85500c9c997e49053f52bb95616590720170c8295ab7d1703fbbf6ca4e81
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EE0D8312443082AD22437547C03FC97A889F45B25F10046AFB98955C38BE2259007F9
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0090F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00910D71,?,?,?,008F100A), ref: 0090F7CE
                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,008F100A), ref: 00910D75
                                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,008F100A), ref: 00910D84
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00910D7F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8f0000_file.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                          • API String ID: 55579361-631824599
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0096302F
                                                                                                                                                                                                          • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00963044
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.2220379938.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Temp$FileNamePath
                                                                                                                                                                                                          • String ID: aut
                                                                                                                                                                                                          • API String ID: 3285503233-3010740371
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LocalTime
                                                                                                                                                                                                          • String ID: %.3d$X64
                                                                                                                                                                                                          • API String ID: 481472006-1077770165
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0098232C
                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0098233F
                                                                                                                                                                                                            • Part of subcall function 0095E97B: Sleep.KERNEL32 ref: 0095E9F3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                                                                          • API String ID: 529655941-2988720461
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0098236C
                                                                                                                                                                                                          • PostMessageW.USER32(00000000), ref: 00982373
                                                                                                                                                                                                            • Part of subcall function 0095E97B: Sleep.KERNEL32 ref: 0095E9F3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                                                                          • API String ID: 529655941-2988720461
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DestroyIcon.USER32(0001040B), ref: 0090F7EA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DestroyIcon
                                                                                                                                                                                                          • String ID: ($
                                                                                                                                                                                                          • API String ID: 1234817797-3146928370
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0092BE93
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0092BEA1
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0092BEFC
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1717984340-0
                                                                                                                                                                                                          • Opcode ID: 6fa0579ae6d3322aa6cac83c9350e13f60f49867fd5bca9b2e8df915c6d36a3a
                                                                                                                                                                                                          • Instruction ID: 915d56fb31a3bfd5aeb303a507fcdd1fb5aef8cffac40ff36ab090cb17464b1a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fa0579ae6d3322aa6cac83c9350e13f60f49867fd5bca9b2e8df915c6d36a3a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38413A35604226AFCF21AF64ED54BFA7BE9EF41320F154169F969972A9DB308C00DB60

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:0.4%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                          Signature Coverage:100%
                                                                                                                                                                                                          Total number of Nodes:6
                                                                                                                                                                                                          Total number of Limit Nodes:0
                                                                                                                                                                                                          execution_graph 5000 288da1d5277 5001 288da1d5287 NtQuerySystemInformation 5000->5001 5002 288da1d5224 5001->5002 5003 288da1db7f2 5004 288da1db849 NtQuerySystemInformation 5003->5004 5005 288da1d9bc4 5003->5005 5004->5005

                                                                                                                                                                                                          Callgraph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000012.00000002.3435758679.00000288DA1D2000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000288DA1D2000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_18_2_288da1d2000_firefox.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                          • Opcode ID: 1ed0c40ada2de8038ad966133955200ec3844e16385efc6a9cd76ccc1fbaffea
                                                                                                                                                                                                          • Instruction ID: d7edd2a28f1fd9a5d5ad3d6f564d6ca45edb623cd8690899d7476b9808c59c9b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ed0c40ada2de8038ad966133955200ec3844e16385efc6a9cd76ccc1fbaffea
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3A30331614A588BDF2DDF28DC897A977E5FB95300F54922ED94BC3281DF30EA528B81